Date: Mon, 19 Jun 2017 14:52:03 -0400 From: Daniel Micay <danielmicay@...il.com> To: oss-security@...ts.openwall.com Subject: Re: Re: Qualys Security Advisor -- The Stack Clash On Mon, 2017-06-19 at 11:26 -0600, Jeff Law wrote: > I would consider those two GCC BZs (68065, 66479) a separate an > distinct > issue. > > It is far more important to address design issues around the existing > -fstack-check first. I think we've got a pretty good handle on how to > address those problems and discussions with the upstream GCC community > have already started. > > In an ideal world we'll get to a place where the new -fstack-check > does > not change program semantics, never misses probes and is efficient > enough to just turn on and forget everywhere. The existing > -fstack-check fails all three of those criteria. > > Jeff AFAIK, the main efficiency issue (reserving a register) was fixed for GCC 6. I might be missing something but it seems very cheap now, at least for x86_64. It definitely doesn't really work though. Is there an example of it changing program semantics? I haven't seen anything since the generic arch stuff was fixed.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ