This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [PATCH] Ensure __libc_message does not blindly write toSTDERR_FILENO.


  Hi!

  Thanks. This seems quite nasty also if fd 2 is some file to which
we shouldn't write blindly.

On Mon, Apr 16, 2012 at 09:20:52AM +0000, William Pitcock wrote:
> [BZ #13983]
> * sysdeps/posix/libc_fatal.c (__libc_message): In the event that
>   stderr has been closed using fclose(), we should not try to use
>   STDERR_FILENO.
>   Doing so may result in blind private information leaks.
> * sysdeps/unix/sysv/linux/libc_fatal.c (__libc_message): Likewise.
> 
> Signed-off-by: William Pitcock <nenolod@dereferenced.org>

  The current policy is that ChangeLog should describe only literal
changes while the commit message describes the point of the change
and reasoning behind it. So maybe something like:

* sysdeps/posix/libc_fatal.c (__libc_message): Do not write to stderr
  if it does not correspond to STDERR_FILENO, use vsyslog() instead.

On Mon, Apr 16, 2012 at 11:41:13AM +0200, Marek Polacek wrote:
> > +     is -1.  We *must* use _IO_stderr and not stderr, as stderr can be overriden
> > +     by the application. */
> 
> Two spaces after `.'.

  What's wrong with them?

-- 
				Petr "Pasky" Baudis
	Smart data structures and dumb code works a lot better
	than the other way around.  -- Eric S. Raymond


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]