On Sun, Oct 25, 2009 at 03:21:01PM -0400, James Vega wrote:
> On Sun, Oct 25, 2009 at 11:55:25AM -0700, Kees Cook wrote:
> > Arguments against:
> > - makes the compiler's behavior different than stock compiler.
> > Rebuttal: honestly, I don't care -- it seems like such a
> > huge win for safety and is easy to debug. Debian
> > already carries plenty of patches anyway -- there
> > is no such thing as the "stock compiler".
> > - makes more work for dealing with warnings.
> > Rebuttal: those warnings are there for a reason -- they can
> > be real security issues, and should be fixed.
> > - lacks documentation.
> > Rebuttal: that may have been true a while ago, but I've worked
> > hard to document the features and how to handle
> > problems. See [2]. Even the gcc man pages are patched.
> > - makes running Debian slower.
> > Rebuttal: no, nothing supports this. The bulk of _FORTIFY_SOURCE
> > is compile-time. Run-time checks, including those from
> > -fstack-protector are just not measurable. The burden of
> > evidence for anyone claiming this is on them. I'm not
> > suggesting we turn on PIE; that option can be a problem.
>
> - breaks debugging with gdb. See
> <[🔎] 1256300822.13273.39.camel@fsopti579.F-Secure.com> on this list and #346409.
> You provided a patch for #346409, but there appears to be issues with it as
> noted in the bug log.
>
in the footnotes of Kees's email it said:
(Note that the gcc hardening does NOT turn on PIE, which has
measurable performance problems on some architectures.)
so this isn't a problem.
--
_________________________
Ryan Niebur
ryanryan52@gmail.com
Attachment:
signature.asc
Description: Digital signature