Layering an IDS on Linux - prepwork
Miloslav Trmac
mitr at volny.cz
Sun Aug 5 15:29:00 UTC 2007
Steve G napsal(a):
>> abort() is the traditional way to abort a program when an assertion
>> fails (developers might need the core file in that case),
> Which is ok in the debug case. For a production webserver its a different story.
Even in production code it is useful to abort() in "can't happen"
branches. The cost of the additional code is negligible.
>> and SIGABRT terminations are very unlikely to be caused by buffer overflows and
>> similar attacks.
> Turns out that is the way that glibc stops programs when FORTIFY_SOURCE sees a
> runtime error. :) So, it could signal a real attack.
True, I have completely forgotten about this.
>> Changing all software to use some other mechanism to report assertion
>> failure is completely impractical (even the POSIX standard requires
>> assert() to call abort() on failures); besides, what alternative
>> mechanism is available?
> I think assert is only valid when NDEBUG is defined. So, there is a way for it to
> be used for debugging apps which is legit. And it magically disappears when
> compiled for production use.
It's the other way around: assert()s are checked unless NDEBUG is defined.
Mirek
More information about the devel
mailing list