Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 19 Jun 2017 14:52:03 -0400
From: Daniel Micay <danielmicay@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: Re: Qualys Security Advisor -- The Stack Clash

On Mon, 2017-06-19 at 11:26 -0600, Jeff Law wrote:
> I would consider those two GCC BZs (68065, 66479) a separate an
> distinct
> issue.
> 
> It is far more important to address design issues around the existing
> -fstack-check first.  I think we've got a pretty good handle on how to
> address those problems and discussions with the upstream GCC community
> have already started.
> 
> In an ideal world we'll get to a place where the new -fstack-check
> does
> not change program semantics, never misses probes and is efficient
> enough to just turn on and forget everywhere.  The existing
> -fstack-check fails all three of those criteria.
> 
> Jeff

AFAIK, the main efficiency issue (reserving a register) was fixed for
GCC 6. I might be missing something but it seems very cheap now, at
least for x86_64. It definitely doesn't really work though.

Is there an example of it changing program semantics? I haven't seen
anything since the generic arch stuff was fixed.

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ