Boost :

Subject: Re: [boost] [stacktrace] Partial review
From: Florian Weimer (fw_at_[hidden])
Date: 2017-03-27 11:19:34

• Next message: Vinnie Falco: "Re: [boost] NuDB: A fast key/value insert-only database for SSD drives in C++11"
• Previous message: Adam Majer: "Re: [boost] [release] Boost 1.64.0 Beta 1"
• In reply to: Antony Polukhin: "Re: [boost] [stacktrace] Partial review"
• Next in thread: Antony Polukhin: "Re: [boost] [stacktrace] Partial review"
• Reply: Antony Polukhin: "Re: [boost] [stacktrace] Partial review"

* Antony Polukhin:

>> addr2line_pipe uses execvp, which could lead to evaluation of the PATH
>> variable from programs which underwent an AT_SECURE transition (e.g.,
>> SUID programs), which could lead to privilege escalation issues.
>
> I'm providing an absolute path to the executable, so there must be no
> PATH evaluation. Am I missing something?

I'm talking about this:

        char prog_name[] = "addr2line";

As far as I can see, this is not just used as the argv[0] argument,
but also as the program to execute.

>> With inlining, a single stack frame can expand to a list of source
>> locations (reflecting the inlineed call stack). The current design
>> does not take that into account.
>
> I've found no system API to get multiple locations. So the Stacktrace
> API is designed to have at most 1 location.

addr2line can optionally resolve inlining information. The additional
frames come from the DWARF data.

• Next message: Vinnie Falco: "Re: [boost] NuDB: A fast key/value insert-only database for SSD drives in C++11"
• Previous message: Adam Majer: "Re: [boost] [release] Boost 1.64.0 Beta 1"
• In reply to: Antony Polukhin: "Re: [boost] [stacktrace] Partial review"
• Next in thread: Antony Polukhin: "Re: [boost] [stacktrace] Partial review"
• Reply: Antony Polukhin: "Re: [boost] [stacktrace] Partial review"

Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk