Re: Switch on compiler hardening defaults

To: Kees Cook <kees@debian.org>
Cc: debian-devel@lists.debian.org, debian-gcc@lists.debian.org
Subject: Re: Switch on compiler hardening defaults
From: Florian Weimer <fw@deneb.enyo.de>
Date: Mon, 26 Oct 2009 13:36:28 +0100
Message-id: <[🔎] 87y6mynxgz.fsf@mid.deneb.enyo.de>
In-reply-to: <[🔎] 20091025185525.GI6711@outflux.net> (Kees Cook's message of "Sun, 25 Oct 2009 11:55:25 -0700")
References: <[🔎] 20091025185525.GI6711@outflux.net>

* Kees Cook:

> I would like to propose enabling[1] the GCC hardening patches that Ubuntu
> uses[2].

Seems a good idea to me.  But I think we should defer the required
full archive rebuild until we've got the hardening patch for operator
new[] (which currently can return a heap block which is smaller than
requested).  I've got a preliminary version, but it's got a hole when
operator new[] is invoked on a variable-length array.  The easy fix
would probably to outlaw heap allocation of VLAs (it's one of those C
GCC extensions that leaked into C++, and it's arguably less needed for
C++).

Reply to:

Follow-Ups:
- Re: Switch on compiler hardening defaults
  - From: Kees Cook <kees@debian.org>

References:
- Switch on compiler hardening defaults
  - From: Kees Cook <kees@debian.org>

Prev by Date: Re: Bug#545691: diverting telinit
Next by Date: Re: Packages relying on HOME when building
Previous by thread: Re: Switch on compiler hardening defaults
Next by thread: Re: Switch on compiler hardening defaults
Index(es):
- Date
- Thread