From: Siddhesh Poyarekar <siddhesh@gotplt.org>
To: Vincent Lefevre <vincent@vinc17.net>,
Adhemerval Zanella Netto <adhemerval.zanella@linaro.org>,
Xi Ruoyao <xry111@xry111.site>,
Turritopsis Dohrnii Teo En Ming <teo.en.ming@protonmail.com>,
"libc-alpha@sourceware.org" <libc-alpha@sourceware.org>,
"ceo@teo-en-ming-corp.com" <ceo@teo-en-ming-corp.com>
Subject: Re: New GNU C Library (glibc) security flaw reported on 30 Jan 2024
Date: Wed, 31 Jan 2024 11:44:54 -0500 [thread overview]
Message-ID: <4a43166a-2101-4253-a7f7-52f05fee2037@gotplt.org> (raw)
In-Reply-To: <20240131162302.GC2102@cventin.lip.ens-lyon.fr>
On 2024-01-31 11:23, Vincent Lefevre wrote:
> If this was intentional, users may already use such a nontransitive
> comparison function. If this was not intentional, this shows that
> the problem is not obvious and that users less experienced than the
> glibc developers may fall in such a trap. So, in addition to make
> the glibc manual clear on the subject, I think that the library
> should handle such cases gracefully rather than considering that
> such cases will never occur. For instance, this could be just an
> indeterminate ordering. Or if the goal is to warn the user about
> the issue (in case it is detected), an assertion failure instead
> of indeterminate ordering.
>
The advisory[1] has a statement on behalf of the glibc security team,
reproduced here for convenience:
~~~
This memory corruption in the GNU C Library through the qsort function
is invoked by an application passing a non-transitive comparison
function, which is undefined according to POSIX and ISO C standards. As
a result, we are of the opinion that the resulting CVE, if any, should
be assigned to any such calling applications and subsequently fixed by
passing a valid comparison function to qsort and not to glibc. We
however acknowledge that this is a quality of implementation issue and
we fixed this in a recent refactor of qsort. We would like to thank
Qualys for sharing their findings and helping us validate our recent
changes to qsort.
~~~
Hopefully this addresses your concern; the current glibc implementation
*is* robust to these issues (the advisory explicitly calls that out) but
the manual also needs to be fixed so that we don't give the incorrect
impression that this is a GNU extension.
Thanks,
Sid
[1] https://www.qualys.com/2024/01/30/qsort.txt
next prev parent reply other threads:[~2024-01-31 16:45 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-01-31 14:08 New GNU C Library (glibc) security flaw reported on 30 Jan 2024 Turritopsis Dohrnii Teo En Ming
2024-01-31 14:23 ` Xi Ruoyao
2024-01-31 14:55 ` Vincent Lefevre
2024-01-31 15:52 ` Adhemerval Zanella Netto
2024-01-31 16:23 ` Vincent Lefevre
2024-01-31 16:44 ` Siddhesh Poyarekar [this message]
2024-01-31 18:47 ` Xi Ruoyao
2024-02-01 0:51 ` Vincent Lefevre
2024-02-01 1:03 ` Vincent Lefevre
2024-02-01 6:41 ` Xi Ruoyao
2024-02-01 9:07 ` Vincent Lefevre
2024-02-01 19:55 ` Paul Eggert
2024-02-01 21:11 ` Siddhesh Poyarekar
2024-02-05 0:58 ` Paul Eggert
2024-02-06 15:00 ` Zack Weinberg
2024-02-06 21:30 ` Paul Eggert
2024-02-06 22:04 ` Xi Ruoyao
2024-02-07 17:07 ` Zack Weinberg
2024-02-07 19:55 ` Alexander Monakov
2024-02-07 20:45 ` Zack Weinberg
2024-02-07 21:53 ` Alexander Monakov
2024-02-07 22:56 ` Paul Eggert
2024-04-06 17:17 ` Paul Eggert
2024-04-08 8:28 ` Florian Weimer
2024-04-22 14:39 ` Zack Weinberg
2024-04-23 18:09 ` Paul Eggert
2024-04-23 18:26 ` Florian Weimer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/libc/involved.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4a43166a-2101-4253-a7f7-52f05fee2037@gotplt.org \
--to=siddhesh@gotplt.org \
--cc=adhemerval.zanella@linaro.org \
--cc=ceo@teo-en-ming-corp.com \
--cc=libc-alpha@sourceware.org \
--cc=teo.en.ming@protonmail.com \
--cc=vincent@vinc17.net \
--cc=xry111@xry111.site \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).