Malte S. Stretz wrote: > Is there any chance to get some fix for the bugs 66553/65892 into one of > the next releases?
Seconded, please :) The ssp __guard_setup function shouldn't call overloadable symbols, and for my money neither should the __stack_smash_handler function (I think - but haven't proven - that preloading could be used to subvert ssp to successfully exploit overruns in suid bins that ssp would otherwise have foiled). The example on bug 65892 illustrates the problem with a trivial example; bug 66553 shows a real situation. Although pappy was working on this, according to the latest GWN he's left Gentoo so perhaps we could go with something like what we have on 65892 for now? There's been no activity on the bugs for a couple of weeks - as solar said, more input is needed from all arches; this test-request phase for glibc sounds like a good opportunity to get that without causing any trouble (or needing another test phase later). -- [email protected] mailing list
