On Wed, Mar 05, 2008 at 03:21:43PM -0800, David Daney wrote:
quoted text
> Olivier Galibert wrote:
> >On Wed, Mar 05, 2008 at 10:43:33PM +0100, Michael Matz wrote:
> >>FWIW I don't think it's a release blocker for 4.3.0.  The error is arcane 
> >>and happens seldomly if at all.  And only on unfixed kernels.  A program 
> >>needs to do std explicitely, which most don't do _and_ get hit by a 
> >>signal while begin in a std region.  This happens so seldom that it 
> >>didn't occur in building the next openSuSE 11.0, and it continually 
> >>builds packages with 4.3 since months.
> >
> >How would you know whether it has happened?
> >
> 
> The same way you do with other bugs: You would observe unexpected behavior.
>
> In this case probably either corrupted memory or a SIGSEGV.

So that probably means the programs you use for compiling packages
probably aren't hit.  Doesn't mean the packages you've compiled with
it aren't hit.  Compiling packages doesn't test what's in them at all.

It's extremely rare, no doubt about it.  It's just that it *yells*
security issue in the making.  It's not a source bug, i.e. not easily
reviewable.  It's related to signal handlers which are the mark of a
server and/or more failure-conscious program than usual.  It's obscure
(breaking a stringop, probably memset, or a not-paranoid-enough inline
asm in a signal handler through a running memmove in the main program,
oh my) but reasonably predictable for someone looking for an
exploitable flaw.

It's gcc's job to adapt to the realities of its running environment,
not the other way around.

  OG.

--
unsubscribe notice
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/