oss-sec mailing list archives
Re: Qualys Security Advisor -- The Stack Clash
From: Jeff Law <law () redhat com>
Date: Mon, 19 Jun 2017 11:26:35 -0600
I would consider those two GCC BZs (68065, 66479) a separate an distinct issue. It is far more important to address design issues around the existing -fstack-check first. I think we've got a pretty good handle on how to address those problems and discussions with the upstream GCC community have already started. In an ideal world we'll get to a place where the new -fstack-check does not change program semantics, never misses probes and is efficient enough to just turn on and forget everywhere. The existing -fstack-check fails all three of those criteria. Jeff
Current thread:
- Re: Qualys Security Advisor -- The Stack Clash Jeff Law (Jun 19)
- Re: Re: Qualys Security Advisor -- The Stack Clash Daniel Micay (Jun 19)
- Re: Re: Qualys Security Advisor -- The Stack Clash Jeff Law (Jun 19)
- Re: Re: Qualys Security Advisor -- The Stack Clash Daniel Micay (Jun 19)
- Re: Re: Qualys Security Advisor -- The Stack Clash Jeff Law (Jun 21)
- Re: Re: Qualys Security Advisor -- The Stack Clash Daniel Micay (Jun 21)
- Re: Re: Qualys Security Advisor -- The Stack Clash Szabolcs Nagy (Jun 23)
- Re: Re: Qualys Security Advisor -- The Stack Clash Jeff Law (Jun 19)
- Re: Re: Qualys Security Advisor -- The Stack Clash Daniel Micay (Jun 19)