Review Rules and statically linked packages against dietlibc

Enrico Scholz enrico.scholz at informatik.tu-chemnitz.de
Fri Feb 24 14:07:38 UTC 2006


mitr at volny.cz (Miloslav Trmac) writes:

>> 'malloc' and 'free' are the only higher level functions, all other
>> functions are simple syscall wrappers and ARE implemented in an
>> unexploitable way (the related code is perhaps 20 assembly lines).  It
>> is right that the dietlibc 'malloc(3)' implementation suffered the known
>> integer overflow some time ago. But in the meantime, the related 162
>> lines of code in dietlibc have been reviewed several times, so it can be
>> assumed to be error-free.
> Even assuming that it is correct in the current version, there is no
> reason to assume that no new bugs will be introduced.  Will you be
> reviewing every new release of dietlibc to verify that no bugs in
> malloc were introduced or fixed?

Yes, I will (which is not very difficult due to the minimal code size).


> If ipsvd dynamically links to glibc, the ipsvd maintainer doesn't
> have to watch for dietlibc changes;

ipsvd is designed for 'dietlibc' (malloc() and friends are the only
higher level functions; the other imported functions are pure syscall
wrappers). So I would not need to take care about dietlibc changes
either.



Enrico
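The "known integer overflow" in the allocator that the thread refers to belongs to a well-understood class: a size computed as nmemb * size wraps around, the allocator hands back a small block, and the caller writes past its end. The C example below is added here for illustration; it is neither dietlibc's nor ipsvd's code and makes no claim about the exact form of the dietlibc bug. It places the naive size computation beside a checked one and builds a hypothetical `safe_calloc` on top of the check; all function names are assumptions for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Vulnerable pattern (illustrative, not dietlibc's code): the product
   nmemb * size silently wraps around in size_t, so a huge request can
   turn into a tiny allocation that the caller then overruns. */
size_t naive_alloc_size(size_t nmemb, size_t size) {
    return nmemb * size;
}

/* Returns 1 if the naive computation wrapped for these inputs, i.e. if
   dividing the product back does not recover the original size. */
int naive_wraps(size_t nmemb, size_t size) {
    size_t n = naive_alloc_size(nmemb, size);
    return nmemb != 0 && n / nmemb != size;
}

/* Hardened variant: refuse before multiplying whenever nmemb * size
   would exceed SIZE_MAX. Returns 1 and stores the product in *out on
   success, 0 (leaving *out untouched) on overflow. */
int checked_alloc_size(size_t nmemb, size_t size, size_t *out) {
    if (nmemb != 0 && size > SIZE_MAX / nmemb)
        return 0;
    *out = nmemb * size;
    return 1;
}

/* Hypothetical calloc-style wrapper built on the checked computation:
   an overflowing request yields NULL instead of an undersized block.
   A zero-byte request still returns a unique, freeable pointer. */
void *safe_calloc(size_t nmemb, size_t size) {
    size_t total;
    if (!checked_alloc_size(nmemb, size, &total))
        return NULL;
    void *p = malloc(total ? total : 1);
    if (p)
        memset(p, 0, total);
    return p;
}

int main(void) {
    /* Constructed input: just over half of SIZE_MAX, doubled, wraps to 2. */
    size_t big = SIZE_MAX / 2 + 2;
    size_t out = 0;

    printf("naive size for (%zu, 2): %zu (wrapped: %d)\n",
           big, naive_alloc_size(big, 2), naive_wraps(big, 2));
    printf("checked size accepted: %d\n", checked_alloc_size(big, 2, &out));
    printf("safe_calloc(big, 2) is NULL: %d\n", safe_calloc(big, 2) == NULL);

    void *p = safe_calloc(1000, 16);
    printf("safe_calloc(1000, 16) allocated: %d\n", p != NULL);
    free(p);
    return 0;
}
```

The division-based check `size > SIZE_MAX / nmemb` is the portable idiom; on compilers that provide `__builtin_mul_overflow` the same test can be written as a single call, but the logic is identical. Note that the check guards only the size arithmetic; the allocator's own bookkeeping (chunk headers, rounding up to a granule) needs the same care, which is the part of any small libc worth re-reading on every release.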




More information about the fedora-extras-list mailing list