[prev in list] [next in list] [prev in thread] [next in thread]
List: fedora-devel-list
Subject: Re: Layering an IDS on Linux - prepwork
From: Steve G <linux_4ever () yahoo ! com>
Date: 2007-08-05 15:12:38
Message-ID: 916683.70314.qm () web51510 ! mail ! re2 ! yahoo ! com
[Download RAW message or body]
> abort() is the traditional way to abort a program when an assertion
> fails (developers might need the core file in that case),
Which is ok in the debug case. For a production webserver its a different story.
> and SIGABRT terminations are very unlikely to be caused by buffer overflows and
> similar attacks.
Turns out that is the way that glibc stops programs when FORTIFY_SOURCE sees a
runtime error. :) So, it could signal a real attack.
> Changing all software to use some other mechanism to report assertion
> failure is completely impractical (even the POSIX standard requires
> assert() to call abort() on failures); besides, what alternative
> mechanism is available?
I think assert is only valid when NDEBUG is defined. So, there is a way for it to
be used for debugging apps which is legit. And it magically disappears when
compiled for production use.
I've only seen a handful of programs that seem to be calling abort(). So, its not
a rampant problem.
Thanks,
-Steve
____________________________________________________________________________________Ready \
for the edge of your seat? Check out tonight's top picks on Yahoo! TV.
http://tv.yahoo.com/
--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic