the sorry saga of the talloc soname 'fix'

tridge at samba.org tridge at samba.org
Sat Jul 4 01:48:36 GMT 2009


Hi again,

I forgot to mention one more problem with what Simo has now setup,
just in case you are now tempted to remove Metze's magic number check
as a way to 'fix' the problem I pointed out in my last email.

The fix for the bug that started this whole discussion also involved a
change to the internal struct talloc_reference_handle. By changing the
.so number this change was safe, as the linker and package manager
(plus Metze's paranoia patch!) will ensure they aren't mixed at
runtime.

But now that Simo has reverted that change and thus explicitly allowed
the old code and the new code to reside in the same running process,
we will be mixing the old structure with the new one. This means we at
minimum will get valgrind errors where we reference memory beyond the
end of the allocated structure. I wonder if it is even an exploitable
security hole?

So yes, congratulations all round are in order. You've just overridden
the talloc package maintainer by introducing real bugs, made us
non-portable, introduced silent and difficult to track failures of
applications, broken the ABI promises, lied to the distro package
managers and loader and generally had a great time. But at least we
haven't brought the good name of free software into disrepute by
using up a precious .so number, so it was all worth it.

Cheers, Tridge


More information about the samba-technical mailing list