On 05/08/09 11:58, Richard W.M. Jones wrote:
On Wed, Aug 05, 2009 at 11:45:02AM +0100, Matthew Booth wrote:
> I've updated the patch. It's now in regressions, and checks both
> libguestfs.so and the guest daemon. It occurs to me that it's the
> daemon that's would get an executable stack from the specific patch
> I posted the other day. However, would this actually matter
> specifically for the daemon?
Duh yes, you're right. I was checking the wrong executable.
$ readelf -l daemon/guestfsd
[...]
GNU_STACK 0x0000000000000000 0x0000000000000000 0x0000000000000000
0x0000000000000000 0x0000000000000000 RWE 8
So your patch *does* make the daemon stack executable.
Does it matter for the daemon? Probably yes. We should avoid
allowing code to be injected into the appliance. For example if there
was a malicious string which was passed into libguestfs from user
input, then the additional stack guards would be our last line of
defence.
Also rpmlint will give a warning about this.
NAK I'm afraid. However just hoisting those functions out so they are
not nested should make it OK. Don't forget the other two things I
raised in the original review.
Just to confirm, that NAK is for the original patch, not for this patch?
Agree I'll update the original patch not to use nested function.
Matt
--
Matthew Booth, RHCA, RHCSS
Red Hat Engineering, Virtualisation Team
M: +44 (0)7977 267231
GPG ID: D33C3490
GPG FPR: 3733 612D 2D05 5458 8A8A 1600 3441 EA19 D33C 3490