From: Alexander Monakov <amonakov@ispras.ru>
To: musl@lists.openwall.com
Subject: Re: Removing stupid, spurious UB in stdio (bikeshed time)
Date: Wed, 27 Apr 2016 21:39:28 +0300 (MSK) [thread overview]
Message-ID: <alpine.LNX.2.20.1604272131050.18843@monopod.intra.ispras.ru> (raw)
In-Reply-To: <20160427181745.GT21636@brightrain.aerifal.cx>
On Wed, 27 Apr 2016, Rich Felker wrote:
> > > I think a good place to start might be coming up with and documenting a
> > > clear model for how stdio's buffer internals are supposed to work, what
> > > operations are allowed, what invariants hold, etc. based on the above
> > > analysis of current UB issues and what the code is doing.
> >
> > would be nice to have; you recently noted that setvbuf has restrictions,
> > and if there are other non-obvious stuff (especially if musl-specific),
> > having it written down should be useful.
>
> Are you talking about the C-standard-imposed restriction that you can
> only use setvbuf as the first operation on a new FILE? Or something
> else I said that I'm not remembering?
I had in mind your "Non-stub setvbuf" post; "restrictions" was a poor choice
of wording on my part, I guess:
[ quoting from http://www.openwall.com/lists/musl/2016/01/17/1 ]
> Right now, musl's stdio setvbuf function does nothing but set the
> buffering mode; it does not honor the buffer provided by the caller.
> This is perfectly conforming (whether or how the buffer is used is
> unspecified), but I realized from the recent thread about OpenSSH's
> CVE-2016-0777 on oss-security that a non-stub setvbuf admits a nice
> type of hardening:
>
> http://www.openwall.com/lists/oss-security/2016/01/15/15
>
> In short, the application has no way to scrub implementation-internal
> stdio buffers that might contain sensitive data read from or written
> to files, but it can scrub buffers it provides via setvbuf. So, I'd
> like to start actually using the latter, so that apps that attempt
> this hardening measure can benefit from it on musl like they would on
> other implementations.
Alexander
prev parent reply other threads:[~2016-04-27 18:39 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-04-26 22:18 Rich Felker
2016-04-27 7:56 ` Alexander Monakov
2016-04-27 18:17 ` Rich Felker
2016-04-27 18:39 ` Alexander Monakov [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=alpine.LNX.2.20.1604272131050.18843@monopod.intra.ispras.ru \
--to=amonakov@ispras.ru \
--cc=musl@lists.openwall.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/musl/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).