oss-sec mailing list archives
Re: Re: Qualys Security Advisor -- The Stack Clash
From: Daniel Micay <danielmicay () gmail com>
Date: Mon, 19 Jun 2017 14:52:03 -0400
On Mon, 2017-06-19 at 11:26 -0600, Jeff Law wrote:
I would consider those two GCC BZs (68065, 66479) a separate an distinct issue. It is far more important to address design issues around the existing -fstack-check first. I think we've got a pretty good handle on how to address those problems and discussions with the upstream GCC community have already started. In an ideal world we'll get to a place where the new -fstack-check does not change program semantics, never misses probes and is efficient enough to just turn on and forget everywhere. The existing -fstack-check fails all three of those criteria. Jeff
AFAIK, the main efficiency issue (reserving a register) was fixed for GCC 6. I might be missing something but it seems very cheap now, at least for x86_64. It definitely doesn't really work though. Is there an example of it changing program semantics? I haven't seen anything since the generic arch stuff was fixed.
Current thread:
- Re: Qualys Security Advisor -- The Stack Clash Jeff Law (Jun 19)
- Re: Re: Qualys Security Advisor -- The Stack Clash Daniel Micay (Jun 19)
- Re: Re: Qualys Security Advisor -- The Stack Clash Jeff Law (Jun 19)
- Re: Re: Qualys Security Advisor -- The Stack Clash Daniel Micay (Jun 19)
- Re: Re: Qualys Security Advisor -- The Stack Clash Jeff Law (Jun 21)
- Re: Re: Qualys Security Advisor -- The Stack Clash Daniel Micay (Jun 21)
- Re: Re: Qualys Security Advisor -- The Stack Clash Szabolcs Nagy (Jun 23)
- Re: Re: Qualys Security Advisor -- The Stack Clash Jeff Law (Jun 19)
- Re: Re: Qualys Security Advisor -- The Stack Clash Daniel Micay (Jun 19)