Steve G napsal(a): >> abort() is the traditional way to abort a program when an assertion >> fails (developers might need the core file in that case), > Which is ok in the debug case. For a production webserver its a different story. Even in production code it is useful to abort() in "can't happen" branches. The cost of the additional code is negligible. >> and SIGABRT terminations are very unlikely to be caused by buffer overflows and >> similar attacks. > Turns out that is the way that glibc stops programs when FORTIFY_SOURCE sees a > runtime error. :) So, it could signal a real attack. True, I have completely forgotten about this. >> Changing all software to use some other mechanism to report assertion >> failure is completely impractical (even the POSIX standard requires >> assert() to call abort() on failures); besides, what alternative >> mechanism is available? > I think assert is only valid when NDEBUG is defined. So, there is a way for it to > be used for debugging apps which is legit. And it magically disappears when > compiled for production use. It's the other way around: assert()s are checked unless NDEBUG is defined. Mirek -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
