This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [PATCH v9] Add getentropy, getrandom, <sys/random.h> [BZ #17252]

On 12/06/2016 05:55 PM, Joseph Myers wrote:

On Tue, 6 Dec 2016, Zack Weinberg wrote:


On the assumption that this _is_ the issue, I am going to write a script
that scans the Debian archive for existing binaries containing
definitions (exported or not) of getentropy and/or getrandom, and will
report what it tells me -- this will probably take a couple days to
cycle all the way through.


You can't generally tell for a stripped executable whether there's a
getentropy function in there - only if it's unstripped, or linked with
-rdynamic, or linked with glibc that defines getentropy and so exports it
in the dynamic symbol table for that reason.  You could scan shared
libraries for bogus exports, but I don't see how you could test for
executables that would cause a problem when linked with new glibc without
doing a full archive rebuild with patched glibc.
Agreed. Another complication is that there are cases where you get getentropy only if HAVE_GETRANDOM is defined.
What do you suggest we should do if we detect unintended interposition (assuming we decide to use the version without redirection first)? 

Thanks,
Florian
Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]