From: David Wagner (dawmozart.cs.berkeley.edu)
Date: Wed Nov 14 2001 - 06:52:45 CST

    I agree it would be fantastic to have a small, simple, well-audited
    libc to use with security-critical programs, and quite possibly diet
    is that libc. However, one small note:

    Felix von Leitner wrote:
    >The diet libc contains some clever trickery with ELF weak symbols to
    >reduce memory footprint, which I would have a hard time porting to
    >glibc. For example, programs do not call exit but _exit if they don't
    >reference atexit. stdio deinitialization is done via atexit. atexit
    >does not reference malloc. printf only uses stdio if it's already
    >linked in, otherwise it uses write() directly. Stuff like that.

    This does not sound good from a security point of view. All these
    optimizations are just asking for subtle bugs that only occur in
    certain rare (untested) configurations, or somesuch, it seems to me.
    I'm concerned that here you may be optimizing for space at the cost of
    simplicity, reliability, and security.
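The weak-symbol dispatch quoted above, as an added illustration that is not diet libc code and not from either correspondent; `stdio_flush_all`, `buffered_write` and `dietlike_exit` are hypothetical stand-ins for the libc internals the message refers to. It shows the point Wagner raises: whether buffered output survives exit depends on what else happened to be linked in.

```c
/* Added illustration of ELF weak-symbol dispatch (not diet libc code).
 * All names here are hypothetical stand-ins for libc internals. */
#include <stddef.h>
#include <string.h>
#include <unistd.h>

/* A miniature stdout buffer standing in for stdio's. */
static char   outbuf[64];
static size_t outlen;

/* Stand-in for buffered fwrite(): data is queued, not yet written. */
void buffered_write(const char *s)
{
    size_t n = strlen(s);
    if (n > sizeof outbuf - outlen)
        n = sizeof outbuf - outlen;
    memcpy(outbuf + outlen, s, n);
    outlen += n;
}

/* Weak reference: if no object in the link defines this symbol, the
 * linker resolves it to NULL instead of reporting an undefined symbol.
 * In a diet-style libc the real stdio/atexit teardown would live here
 * and only be pulled in when some other object references it. */
extern void stdio_flush_all(void) __attribute__((weak));

/* 1 if the full teardown path is present in this link, 0 if exit
 * falls through to a bare _exit(). Pure, so it can be checked
 * without terminating the process. */
int teardown_linked(void)
{
    return stdio_flush_all != NULL;
}

/* Bytes still sitting in the buffer that would never reach the kernel
 * under the current link configuration. */
size_t bytes_lost_at_exit(void)
{
    return teardown_linked() ? 0 : outlen;
}

/* The dispatch itself, as the message describes it: call the teardown
 * only if the linker actually gave it an address, then _exit(). */
void dietlike_exit(int status)
{
    if (stdio_flush_all)
        stdio_flush_all();
    _exit(status);
}
```

Because nothing in this file references the teardown symbol, the weak reference resolves to NULL and every buffered byte is silently dropped; linking one more object that defines it changes the behaviour without any change to this code, which is exactly the untested-configuration hazard the message describes.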