Bug#149463: There should be a gcc version with stack protection patch

To: Torsten Knodt <tk-debian@datas-world.de>
Cc: 149463@bugs.debian.org
Subject: Bug#149463: There should be a gcc version with stack protection patch
From: martin@v.loewis.de (Martin v. Loewis)
Date: 09 Jun 2002 21:26:18 +0200
Message-id: <[🔎] m3wut8b6ed.fsf@mira.informatik.hu-berlin.de>
Reply-to: martin@v.loewis.de (Martin v. Loewis), 149463@bugs.debian.org
In-reply-to: <[🔎] 200206092020.59420.tk-debian@datas-world.de>
References: <[🔎] courier.3D0392A6.000047D0@datas-world.dyndns.org> <[🔎] 1023645258.661.4.camel@kc> <[🔎] 200206092020.59420.tk-debian@datas-world.de>

Torsten Knodt <tk-debian@datas-world.de> writes:

> Link to the announcement on gcc-patches: 
> http://gcc.gnu.org/ml/gcc-patches/2001-06/msg01753.html

I don't think that a Debian bug report is the right place to "push" a
patch into gcc (i.e. to lobby for it).

Instead, you should assume that all patches that have been submitted
to gcc-patches are implicitly Debian bug reports which already have
been forwarded upstream. The status of such a report changes when GCC
maintainers act on the patch (e.g. reject it).

So for this reason, I suggest to close this report as a duplicate. If
you want to advance the patch, please discuss it with GCC
maintainers. Notice that it is not unusual for a patch to sit waiting
for integration for many months, in some cases even years. There is no
way to change that except to become a GCC contributor yourself.

>From a quick review of the patch, I notice the following problems:

> Now why. The patch adds an option to gcc, which can optionally be made 
> default

It is not true that the command line option disables the patch
completely. The changes to reload1.c, gcse.c, function.c, and cse.c
are not disabled if the feature is disabled. 

I'm not enough of a backend expert to tell whether they are harmless
if the command line option is not activated (let alone judging the
correctness of the patch when activated).

> Also, it does some variable reordering to prevent pointers to be overridden 
> by buffer overflows. 

That sounds like a separate feature, and should be submitted
separately.

> With this patch, many buffer overflows can be detected. When this
> happens, the programs are terminated and a message to syslog is
> generated.

This is the biggest problem I have with this patch; that part seems
unacceptable for integration into gcc. With that patch, libgcc depends
on strncat, socket, and open, and it tries to open /dev/urandom. This
is totally unappropriate for libgcc, which must work even for
"minimal" applications.

Regards,
Martin

-- 
To UNSUBSCRIBE, email to debian-gcc-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Bug#149463: There should be a gcc version with stack protection patch
  - From: Torsten Knodt <tk-debian@datas-world.de>
- Bug#149463: There should be a gcc version with stack protection patch
  - From: Philip Blundell <pb@nexus.co.uk>

References:
- Bug#149463: There should be a gcc version with stack protection patch
  - From: "Torsten Knodt" <tk-debian@datas-world.de>
- Bug#149463: There should be a gcc version with stack protection patch
  - From: Philip Blundell <pb@nexus.co.uk>
- Bug#149463: There should be a gcc version with stack protection patch
  - From: Torsten Knodt <tk-debian@datas-world.de>

Prev by Date: Bug#149463: There should be a gcc version with stack protection patch
Next by Date: Bug#149463: There should be a gcc version with stack protection patch
Previous by thread: Bug#149463: There should be a gcc version with stack protection patch
Next by thread: Bug#149463: There should be a gcc version with stack protection patch
Index(es):
- Date
- Thread