March 20, 2009

These patches against glibc-2.9 have been contributed by Raymond Russel raymond corvil com.

Filename type length md5sum
glibc-2.9-audit.patches.tar.gz .tgz patch archive 19295 40e9890750014c9da7331ab8ec91cb3c

January 1, 2008

The patches have been updated to glibc-2.6-4 and glibc-2.7-2.

Filename type length md5sum
glibc-2.7-2.audit.patches.tgz .tgz patch archive 18728 37be54ecf6251f501b66983bb253cbcc
glibc-2.7-2.audit.i686.rpm binary 8560595 2243c2ead4a81d9015641c5c2fb79d88
glibc-2.7-2.audit.x86_64.rpm binary 5064467 2b5c0813e0a44c96821afbc193821065
glibc-2.7-2.audit.src.rpm source 16102632 cf2e0548cd351e24364c113765631960
glibc-2.6-4.audit.patches.tgz .tgz patch archive 18845 800f46a1cca936cdb468d1a92e588f06
glibc-2.6-4.audit.i686.rpm binary 5556430 92e5b6fbef9de0a942d4339ca42e24b6
glibc-2.6-4.audit.x86_64.rpm binary 4922419 fe2e7dbf5ff0243a26d57ba64ce7b7a6
glibc-2.6-4.audit.src.rpm source 16027865 fa2402f76d37b02b24a0b2be1cd3e4ce
md5sum.out text 1523

January 26, 2007

The patches have been updated to glibc-2.5-10.

Filename type length md5sum
glibc-2.5-10.audit.patches.tgz .tgz patch archive 18748 9203b054d17763a6bf87b2efdc5639d4
glibc-2.5-10.audit.i686.rpm binary 4524331 4fd6cf03bd11a2ddb528a15f4f6fb703
glibc-2.5-10.audit.x86_64.rpm binary 4879452 ede7a35b4f48606152410acd486b6a94
glibc-2.5-10.audit.ppc.rpm binary 7604770 ddd7ea18430fc786aa44b015282f13a9
glibc-2.5-10.audit.src.rpm source 16026707 9125afc9c6266bf01f6be5b861bd6f29
md5sum.out text 1027

March 16, 2006

The patches have been updated to glibc-2.4-4. In binary .rpm for i686, x86_64, and ppc the third argument to the __NR_open syscall is zeroed unless O_CREAT is present in the second argument to the open() function. This prevents an information security leak from user code into the kernel. Also, a bug in was fixed to enable gdb to function correctly under stop-on-solib-events. See

Filename type length md5sum
glibc-2.4-4.audit.patches.tgz .tgz patch archive 19507 4f0d144685fe86e226f0d0ca4743b972
glibc-2.4-4.audit.i686.rpm binary 4388779 c72470580af5dcea47b6e36945a862b8
glibc-2.4-4.audit.x86_64.rpm binary 4810339 6dff62ed98c885a58d40ecf7269a2dd3
glibc-2.4-4.audit.ppc.rpm binary 5124620 009ce9bd86c63b15f0351c1a5b6b0710
glibc-2.4-4.audit.src.rpm source 15466547 915c34cebbc4dda0c6a5304ece307c3b
md5sum.out text 714

February 1, 2006

The patches have been updated to glibc-2.3.90-30.

Filename type length md5sum
glibc-2.3.90-30.audit.patches.tgz .tgz patch archive 17442 a685fb446f07b477ed7ffaf4949e0ddf
glibc-2.3.90-30.audit.i686.rpm binary 4362993 4ff7afd950d0ca6c3a2bdce837381b59
glibc-2.3.90-30.audit.src.rpm source 15484590 649243a329e0f4a875b7c2ab3d60c9cd

April 17, 2005

The patches have been updated to glibc-2.3.5-0.fc3.1.

Filename type length md5sum
glibc-2.3.5-0.fc3.1.audit.patches.tgz .tgz patch archive 17788 71250bd4dd40af13e224bebe251b2fba
glibc-2.3.5-0.fc3.1.audit.i686.rpm binary 5326291 908dea4fac084100ee42f76185f88b4f
glibc-2.3.5-0.fc3.1.audit.src.rpm source 14126767 6fc01541484f354ab0f6969663da29a4
md5sum.out text 209

December 5, 2004
The patches have been updated to glibc-2.3.3-74, with special attention to the POSIX timer routines.  timer_create() no longer leaks 48 bytes of random information from a user process into the kernel.  Also, _dl_relocate_object() in has been made visible because it is one of the keys to a successful audit.  This pass found two new bugs in glibc: in strtold(), and in fnmatch().

January 17, 2004
The patches have been updated to glibc-2.3.2-101.4, with the recently-revised regex implementation receiving special attention.  The patches themselves have been separated into three groups by subject: third argument to open(), r_brk enhancement, and uninitialized don't-care values.

April 27, 2003
glibc-audit is a modified glibc for application developers who check their code with an automatic memory access checker such as Purify, Insure++, or memcheck (valgrind).  glibc-audit has been audited and cleaned up so that reports from the developer's use of a memory access checker are more likely to be interesting to the developer, with less "noise" from the C library itself.  Typically, glibc-audit initializes all of its local variables and structs before use.  Ordinary glibc uses uninitialized dummy variables that are "don't-care" to its logic but reported by the memory access checker.

Also, the r_debug.r_brk protocol has been enhanced to co-operate with a co-resident auditor.  If the auditor sets .r_brk, then the runtime loader will call the auditor directly whenever a shared library event occurs.  This is much more convenient than using breakpoints.  By default the old breakpoint protocol works just like before.  The new protocol is binary compatible with the old on machines where a pointer to a function is the same size as an ordinary pointer.  Platforms where a pointer to a function is larger (such as HP-PA RISC, Alpha processor, or PowerPC) are not binary backward compatible, and will have to increment r_debug.r_version.  Exising clients (such as gdb) also will see an ignorable type mismatch error when they are built. But for now, it is worth more not to antagonize gdb at runtime on x86.

The patch modifies 91 files.  Compared to glibc-2.3.2-27.9, the additional code occupies 18 more bytes of .text, and 24 fewer bytes in the .so.  On a nano-scopic scale, the typical execution cost is 0 to 3 CPU cycles per affected routine; the estimated median total impact is less than 1 second per machine per day.  In the case of *printf(), glibc-audit is faster than glibc because the cleaned-up source helps gcc-3.2 avoid generating atrocious code when initializing for parse_one_spec() in stdio-common/printf-parse.h.

Glibc-audit was constructed by running a memory access checker on the internal testcases of glibc, then analyzing the reported errors and modifying the source.  The process revealed 10 memory access bugs in glibc-2.3.2-11.9.  Seven were fixed in glibc-2.3.2-27.9, two more have been fixed in CVS, and one is a design flaw that probably will not be fixed.

Predecessor patches to glibc-audit-1 were submitted to the glibc project, but those patches were ignored [user "guest", password "guest"], declined, or rejected. There is enough improvement in usability and reliability to publish glibc-audit-1 separately.

Like glibc, the patch for glibc-audit-1 is licensed under the GNU Lesser General Public License (LGPL v2.1).  The unmodified glibc-2.3.2-27.9.src.rpm is available from RedHat mirrors.  rpmbuild -ba --target i686 took about 4 hours and 2.5GB of disk space on a machine with 1.1GHz CPU, 384MB RAM, UDMA100 disk.