Re: Override with -D_FORTIFY_SOURCE=0 as workaround allowed?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

"Daniel P. Berrange" <berrange@xxxxxxxxxx> writes:
> On Tue, Jan 10, 2012 at 11:25:39AM +0100, Robert Scheck wrote:
>> Would -D_FORTIFY_SOURCE=0 be acceptable until the code is rewritten?

> As Tom pointed out, if you override FD_SETSIZE with glibc, this has
> no effect on the size of the 'fd_set' struct. So any attempt to
> actually store a larger number of FDs will be writing outside
> the bounds of the struct. ie it will be corrupting heap/stack
> memory. This is the kind of flaw that leads to crashes at best,
> or security exploits at worst.

Perhaps a more reliable workaround would be to patch in some code at
program start that reduces the soft limit on number of open files to
1K or less (see setrlimit(RLIMIT_NOFILE)).  This would presumably
reduce performance by some fractional amount, but that seems better
than the unsafe behavior you're looking at now.

			regards, tom lane
packaging mailing list

[Home]     [Fedora Legacy]     [Fedora Desktop]     [Red Hat 9 Bible]     [Fedora Bible]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]

Powered by Linux