"Daniel P. Berrange" <berrange@xxxxxxxxxx> writes: > On Tue, Jan 10, 2012 at 11:25:39AM +0100, Robert Scheck wrote: >> Would -D_FORTIFY_SOURCE=0 be acceptable until the code is rewritten? > As Tom pointed out, if you override FD_SETSIZE with glibc, this has > no effect on the size of the 'fd_set' struct. So any attempt to > actually store a larger number of FDs will be writing outside > the bounds of the struct. ie it will be corrupting heap/stack > memory. This is the kind of flaw that leads to crashes at best, > or security exploits at worst. Perhaps a more reliable workaround would be to patch in some code at program start that reduces the soft limit on number of open files to 1K or less (see setrlimit(RLIMIT_NOFILE)). This would presumably reduce performance by some fractional amount, but that seems better than the unsafe behavior you're looking at now. regards, tom lane -- packaging mailing list packaging@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/packaging
