Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 19 Jun 2017 14:52:03 -0400
From: Daniel Micay <danielmicay@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: Re: Qualys Security Advisor -- The Stack Clash

On Mon, 2017-06-19 at 11:26 -0600, Jeff Law wrote:
> I would consider those two GCC BZs (68065, 66479) a separate an
> distinct
> issue.
> 
> It is far more important to address design issues around the existing
> -fstack-check first.  I think we've got a pretty good handle on how to
> address those problems and discussions with the upstream GCC community
> have already started.
> 
> In an ideal world we'll get to a place where the new -fstack-check
> does
> not change program semantics, never misses probes and is efficient
> enough to just turn on and forget everywhere.  The existing
> -fstack-check fails all three of those criteria.
> 
> Jeff

AFAIK, the main efficiency issue (reserving a register) was fixed for
GCC 6. I might be missing something but it seems very cheap now, at
least for x86_64. It definitely doesn't really work though.

Is there an example of it changing program semantics? I haven't seen
anything since the generic arch stuff was fixed.

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.