After six months of development, the release of the GNU C Library (glibc) 2.39 has been published. It fully complies with the ISO C11 and POSIX.1-2017 standards. The new release includes fixes from 67 developers.
Among the improvements in 2.39:
- Support for the shadow stack, which appeared in the Linux 6.6 kernel and blocks a large class of exploits by using a hardware feature of Intel processors (CET, Control-flow Enforcement Technology) to protect a function's return address from being overwritten by a stack buffer overflow. The idea is that when a function is called, the processor pushes the return address not only onto the ordinary stack but also onto a separate "shadow" stack that cannot be modified directly. On return, the return address is popped from the shadow stack and compared with the one taken from the main stack; a mismatch raises a control-protection exception, stopping the case where an exploit has managed to overwrite the return address on the main stack. In glibc the feature is enabled with the "--enable-cet" configure option. Note that a process only gets a shadow stack when all the pieces line up: a kernel with shadow stack support, a glibc built with --enable-cet, and an executable marked as shadow-stack compatible (GCC sets that ELF marker with -fcf-protection).
- A new header file was added, defined in the ISO C2X (C23) draft standard, which provides the functions stdc_leading_zeros, stdc_leading_ones, stdc_trailing_zeros, stdc_trailing_ones, stdc_first_leading_zero, stdc_first_leading_one, stdc_first_trailing_zero, stdc_first_trailing_one, stdc_count_zeros, stdc_count_ones, stdc_has_single_bit, stdc_bit_width, stdc_bit_floor and stdc_bit_ceil in variants for the types unsigned char, unsigned short, unsigned int, unsigned long int and unsigned long long int.
- On Linux, the functions posix_spawnattr_getcgroup_np and posix_spawnattr_setcgroup_np were implemented, together with the POSIX_SPAWN_SETCGROUP flag, which allow the cgroup v2 of a new process to be set via posix_spawn and posix_spawnp at creation time, eliminating the race in which the child runs in the parent's cgroup until it is moved. The functions are GNU extensions and require a Linux kernel with support for the clone3 system call.
- On Linux, the functions pidfd_spawn and pidfd_spawnp were implemented. They follow the semantics of posix_spawn but return, instead of a process identifier (PID), a file descriptor for use with the functions that support the pidfd mechanism, such as pidfd_send_signal, poll and waitid. A pidfd is bound to one specific process and never changes meaning, whereas a PID can be reassigned to another process once the process that held it has exited and been reaped.
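The shadow stack item above describes the mechanism but not how to tell whether it is actually active, which matters because the protection silently stays off if the kernel, the glibc build or the ELF marker is missing. The following is an added example written for this page, not glibc's or the kernel's own code. It assumes the line format Linux 6.6 adds to /proc/<pid>/status ("x86_Thread_features:" followed by whitespace-separated feature names such as "shstk"); the sample status texts in the test are constructed.

```c
/* Added example (not glibc or kernel code): report whether the kernel has a
 * shadow stack enabled for this process, by parsing the x86_Thread_features
 * line that Linux 6.6+ writes to /proc/<pid>/status. The assumed format is
 * "x86_Thread_features:\tshstk wrss \n" (feature names separated by blanks). */
#include <stdio.h>
#include <string.h>

#define FEATURES_KEY "x86_Thread_features:"

/* Returns 1 if "shstk" is listed, 0 if the line exists but lacks it (kernel
 * supports shadow stack, this process did not get one), -1 if the line is
 * absent (kernel older than 6.6, or not x86). The "_locked" variant of the
 * line does not match FEATURES_KEY because the key includes the colon. */
int shstk_status_from_text(const char *status_text)
{
    const char *line = status_text;
    const size_t keylen = strlen(FEATURES_KEY);

    while (line && *line) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);

        if (len >= keylen && strncmp(line, FEATURES_KEY, keylen) == 0) {
            /* Tokenize the rest of the line on spaces and tabs. */
            const char *p = line + keylen, *end = line + len;
            while (p < end) {
                while (p < end && (*p == ' ' || *p == '\t'))
                    p++;
                const char *tok = p;
                while (p < end && *p != ' ' && *p != '\t')
                    p++;
                if (p - tok == 5 && strncmp(tok, "shstk", 5) == 0)
                    return 1;
            }
            return 0;
        }
        line = eol ? eol + 1 : NULL;
    }
    return -1;
}

/* Same check on the calling process's own status file. */
int shstk_status_self(void)
{
    char buf[16384]; /* /proc/self/status is well under this in practice */
    FILE *f = fopen("/proc/self/status", "r");
    if (!f)
        return -1;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return shstk_status_from_text(buf);
}

int main(void)
{
    switch (shstk_status_self()) {
    case 1:  puts("shadow stack active for this process"); break;
    case 0:  puts("kernel supports shadow stack, but it is not active here "
                  "(check the glibc build and the SHSTK ELF marker)"); break;
    default: puts("kernel reports no shadow stack feature"); break;
    }
    return 0;
}
```

When the result is 0, the usual culprits are a glibc built without --enable-cet or an executable that was not compiled with -fcf-protection; `readelf -n` on the binary shows whether the GNU property note lists the SHSTK feature.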
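For the bit-manipulation functions listed above (they live in the C23 header <stdbit.h>, which the text does not name), the practical point is that stdc_bit_ceil() is undefined when the next power of two does not fit the type, a classic source of under-sized allocations when rounding a requested size up. This added example is not glibc's code: it uses the real <stdbit.h> when the toolchain has one, falls back to GCC/Clang builtins otherwise, and wraps bit_ceil in an overflow check. The UINT_BITS macro and the sample sizes in main are the example's own.

```c
/* Added example (not glibc code): portable use of the C23 bit functions with
 * the stdc_bit_ceil() overflow case handled explicitly. */
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

#if defined(__has_include)
#  if __has_include(<stdbit.h>)
#    include <stdbit.h>
#    define HAVE_STDBIT 1
#  endif
#endif
#ifndef HAVE_STDBIT
#  define HAVE_STDBIT 0
#endif

#define UINT_BITS ((unsigned)(CHAR_BIT * sizeof(unsigned int)))

/* Leading zero bits of v. Like stdc_leading_zeros(), returns the full width
 * for v == 0, which the bare __builtin_clz() leaves undefined. */
unsigned leading_zeros(unsigned int v)
{
#if HAVE_STDBIT
    return stdc_leading_zeros(v);
#else
    return v == 0u ? UINT_BITS : (unsigned)__builtin_clz(v);
#endif
}

/* Population count, e.g. to verify a permission mask sets exactly N bits. */
unsigned count_ones(unsigned int v)
{
#if HAVE_STDBIT
    return stdc_count_ones(v);
#else
    return (unsigned)__builtin_popcount(v);
#endif
}

/* Round v up to a power of two (buffer or hash-table sizing). Returns false
 * instead of invoking undefined behaviour when the result would not fit in
 * unsigned int; bit_ceil(0) is 1, as in C23. */
bool checked_bit_ceil(unsigned int v, unsigned int *out)
{
    const unsigned int max_pow2 = 1u << (UINT_BITS - 1u);
    if (v > max_pow2)
        return false;
#if HAVE_STDBIT
    *out = stdc_bit_ceil(v);
#else
    *out = v <= 1u ? 1u : 1u << (UINT_BITS - leading_zeros(v - 1u));
#endif
    return true;
}

int main(void)
{
    /* Constructed sample sizes; the last one is one past the largest power
     * of two that fits in a 32-bit unsigned int. */
    unsigned int requested[] = {0u, 5u, 4096u, 2147483648u, 2147483649u};
    for (size_t i = 0; i < sizeof requested / sizeof requested[0]; i++) {
        unsigned int size;
        if (checked_bit_ceil(requested[i], &size))
            printf("%u -> %u (clz %u, popcount %u)\n", requested[i], size,
                   leading_zeros(size), count_ones(size));
        else
            printf("%u -> does not fit, refuse the allocation\n", requested[i]);
    }
    return 0;
}
```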
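The two spawn-related items above (cgroup placement at spawn time, and pidfd_spawn returning a descriptor instead of a PID) are easiest to see in one program. The following is an added example written for this page, not glibc's own code. It assumes a Linux system with the coreutils `true`, `false` and `sleep` in PATH; it uses pidfd_spawnp and posix_spawnattr_setcgroup_np only when building against glibc 2.39 or newer, and otherwise falls back to posix_spawnp plus the pidfd_open system call (Linux 5.3+), which is race-free here only because the parent has not yet reaped the child, so its PID cannot have been reused. The syscall-number fallbacks (424 and 434) and the P_PIDFD fallback (3) are the kernel's architecture-independent values.

```c
/* Added example (not glibc code): spawn a child, track it by pidfd, signal it
 * without any PID-reuse window, and optionally place it in a cgroup v2 at
 * creation using the glibc 2.39 POSIX_SPAWN_SETCGROUP attribute. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <spawn.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Prefer the 2.39 API when the headers expose it (glibc's __USE_GNU is set
 * by _GNU_SOURCE and gates the pidfd_spawn* declarations). */
#if defined(__USE_GNU) && defined(__GLIBC_PREREQ)
# if __GLIBC_PREREQ(2, 39)
#  define HAVE_PIDFD_SPAWN 1
# endif
#endif
#ifndef HAVE_PIDFD_SPAWN
# define HAVE_PIDFD_SPAWN 0
#endif
#ifndef P_PIDFD
# define P_PIDFD 3                 /* waitid() idtype for pidfds, Linux >= 5.4 */
#endif
#ifndef SYS_pidfd_open
# define SYS_pidfd_open 434        /* same number on every architecture */
#endif
#ifndef SYS_pidfd_send_signal
# define SYS_pidfd_send_signal 424 /* same number on every architecture */
#endif

extern char **environ;

/* Spawn argv[0] (searched in PATH) and return a pidfd for it, or -1 + errno. */
int spawn_with_pidfd(char *const argv[])
{
    int pidfd = -1;
#if HAVE_PIDFD_SPAWN
    int err = pidfd_spawnp(&pidfd, argv[0], NULL, NULL, argv, environ);
    if (err != 0) { errno = err; return -1; }
#else
    pid_t pid;
    int err = posix_spawnp(&pid, argv[0], NULL, NULL, argv, environ);
    if (err != 0) { errno = err; return -1; }
    /* Safe only because we have not waited on pid yet: it cannot be reused. */
    pidfd = (int)syscall(SYS_pidfd_open, pid, 0);
#endif
    return pidfd;
}

/* Spawn argv directly inside the cgroup v2 directory cgroup_path; needs
 * glibc >= 2.39, a clone3-capable kernel and write access to that cgroup. */
int spawn_in_cgroup(const char *cgroup_path, char *const argv[])
{
#if HAVE_PIDFD_SPAWN
    int cgfd = open(cgroup_path, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if (cgfd < 0) return -1;
    posix_spawnattr_t attr;
    posix_spawnattr_init(&attr);
    posix_spawnattr_setcgroup_np(&attr, cgfd);
    posix_spawnattr_setflags(&attr, POSIX_SPAWN_SETCGROUP);
    int pidfd = -1;
    int err = pidfd_spawnp(&pidfd, argv[0], NULL, &attr, argv, environ);
    posix_spawnattr_destroy(&attr);
    close(cgfd);
    if (err != 0) { errno = err; return -1; }
    return pidfd;
#else
    (void)cgroup_path; (void)argv;
    errno = ENOSYS; /* posix_spawnattr_setcgroup_np needs glibc >= 2.39 */
    return -1;
#endif
}

/* Signal exactly the process behind pidfd. glibc has no wrapper for
 * pidfd_send_signal, so call the system call directly. */
int signal_pidfd(int pidfd, int sig)
{
    return (int)syscall(SYS_pidfd_send_signal, pidfd, sig, NULL, 0);
}

/* Wait for the process behind pidfd. On success returns 0 and stores the exit
 * status in *code, or the terminating signal number negated. */
int wait_pidfd(int pidfd, int *code)
{
    siginfo_t si;
    memset(&si, 0, sizeof si);
    if (waitid(P_PIDFD, (id_t)pidfd, &si, WEXITED) != 0)
        return -1;
    *code = si.si_code == CLD_EXITED ? si.si_status : -si.si_status;
    return 0;
}

int main(int argc, char **argv)
{
    char *cmd[] = {"sleep", "30", NULL};
    int pidfd = argc > 1 ? spawn_in_cgroup(argv[1], cmd) : spawn_with_pidfd(cmd);
    if (pidfd < 0) { perror("spawn"); return 1; }
    if (signal_pidfd(pidfd, SIGTERM) != 0) { perror("pidfd_send_signal"); return 1; }
    int code;
    if (wait_pidfd(pidfd, &code) != 0) { perror("waitid"); return 1; }
    printf("child ended by %s %d\n", code < 0 ? "signal" : "exit status",
           code < 0 ? -code : code);
    close(pidfd);
    return 0;
}
```

Run it with a cgroup v2 directory as the first argument (for example a group you created under /sys/fs/cgroup) to exercise the POSIX_SPAWN_SETCGROUP path; without an argument it only demonstrates the pidfd lifecycle.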