oss-sec mailing list archives

Re: CVE Request coreutils

From: Florian Weimer <fweimer () redhat com>
Date: Wed, 23 Jan 2013 08:51:58 +0100

On 01/22/2013 04:47 PM, Vincent Danen wrote:

Do you believe this would be the case with modern GCC/Glibc hardening
though?  Wouldn't this just be rendered a crash?

Catching this reliably needs compiling with -fstack-check, which iscurrently not among commonly used hardening flags. The generated codeused to be rather buggy, too.


--
Florian Weimer / Red Hat Product Security Team

Current thread:

Re: CVE Request coreutils, (continued)
- - Re: CVE Request coreutils Kurt Seifried (Jan 21)
  - Re: CVE Request coreutils Matthias Weckbecker (Jan 22)
    - Re: CVE Request coreutils Kurt Seifried (Jan 23)
- Re: CVE Request coreutils Moritz Muehlenhoff (Jan 21)
  - Re: CVE Request coreutils Vincent Danen (Jan 21)
    - Re: CVE Request coreutils Kurt Seifried (Jan 21)
    - Re: CVE Request coreutils Sebastian Krahmer (Jan 21)
    - Re: CVE Request coreutils Vincent Danen (Jan 22)
    - Re: CVE Request coreutils Sebastian Krahmer (Jan 22)
    - Re: CVE Request coreutils Vincent Danen (Jan 23)
    - Re: CVE Request coreutils Florian Weimer (Jan 22)
    - Re: CVE Request coreutils Florian Weimer (Jan 22)
  - Re: CVE Request coreutils Sebastian Krahmer (Jan 22)