Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 19 Jun 2017 11:26:35 -0600
From: Jeff Law <law@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: Qualys Security Advisor -- The Stack Clash


I would consider those two GCC BZs (68065, 66479) a separate an distinct
issue.

It is far more important to address design issues around the existing
-fstack-check first.  I think we've got a pretty good handle on how to
address those problems and discussions with the upstream GCC community
have already started.

In an ideal world we'll get to a place where the new -fstack-check does
not change program semantics, never misses probes and is efficient
enough to just turn on and forget everywhere.  The existing
-fstack-check fails all three of those criteria.

Jeff

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ