Re: Override with -D_FORTIFY_SOURCE=0 as workaround allowed?
|[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]|
On Tue, Jan 10, 2012 at 11:25:39AM +0100, Robert Scheck wrote: > Hello Tom, > > On Mon, 09 Jan 2012, Tom Lane wrote: > > I think the reason this hasn't been complained of too much is that > > it's generally better to use poll(2) instead of select(2) if your > > program can have a lot of file descriptors open. Have the Zarafa > > developers considered offering a poll()-based option? > > I have taken that topic already to Zarafa, more than void was not yet > returned, however there is an internal developer meeting this week, I > think. > > Even if they decide to rewrite the code, it's not done immediately and > non-paid code rewrites maybe also take some time, it's similar like at > RHEL vs. subscription, if I'm allowed to compare. > > Would -D_FORTIFY_SOURCE=0 be acceptable until the code is rewritten? As Tom pointed out, if you override FD_SETSIZE with glibc, this has no effect on the size of the 'fd_set' struct. So any attempt to actually store a larger number of FDs will be writing outside the bounds of the struct. ie it will be corrupting heap/stack memory. This is the kind of flaw that leads to crashes at best, or security exploits at worst. Thus, IMHO, it is not acceptable to set -D_FORTIFY_SOURCE=0. You'd be building known broken, potentially insecure binaries. Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- packaging mailing list packaging@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/packaging
[Home] [Fedora Legacy] [Fedora Desktop] [Red Hat 9 Bible] [Fedora Bible] [Fedora SELinux] [Big List of Linux Books] [Yosemite News] [Yosemite Photos] [KDE Users] [Fedora Tools]