oss-sec mailing list archives
Re: CVE Request coreutils
From: Florian Weimer <fweimer () redhat com>
Date: Wed, 23 Jan 2013 08:51:58 +0100
On 01/22/2013 04:47 PM, Vincent Danen wrote:
Do you believe this would be the case with modern GCC/Glibc hardening though? Wouldn't this just be rendered a crash?
Catching this reliably needs compiling with -fstack-check, which is currently not among commonly used hardening flags. The generated code used to be rather buggy, too.
-- Florian Weimer / Red Hat Product Security Team
Current thread:
- Re: CVE Request coreutils, (continued)
- Re: CVE Request coreutils Kurt Seifried (Jan 21)
- Re: CVE Request coreutils Matthias Weckbecker (Jan 22)
- Re: CVE Request coreutils Kurt Seifried (Jan 23)
- Re: CVE Request coreutils Moritz Muehlenhoff (Jan 21)
- Re: CVE Request coreutils Vincent Danen (Jan 21)
- Re: CVE Request coreutils Kurt Seifried (Jan 21)
- Re: CVE Request coreutils Sebastian Krahmer (Jan 21)
- Re: CVE Request coreutils Vincent Danen (Jan 22)
- Re: CVE Request coreutils Sebastian Krahmer (Jan 22)
- Re: CVE Request coreutils Vincent Danen (Jan 23)
- Re: CVE Request coreutils Florian Weimer (Jan 22)
- Re: CVE Request coreutils Vincent Danen (Jan 21)
- Re: CVE Request coreutils Florian Weimer (Jan 22)