Bug#537409: info
On Mon, Jul 20, 2009 at 12:09:05AM -0400, Michael S Gilbert wrote:
> while this bug is still open, would it make sense to disable the gcc
> option/optimization/bug/flaw that allows this vulnerability to exist?
> the "-fno-delete-null-pointer-checks" flag will completely disable
> this option kernel-wide [1].
Already done in sid.
> obviously there is a tradeoff here. the null pointer optimization
> does make the kernel run a bit faster (and maybe that should be
> quantified to determine the impact), but on the other hand it opens up
> a slew of vulnerabilities. i think erring on the side of
> caution/security is the way to go.
>
> anyway, just a thought.
>
> mike
>
> [1] http://gcc.gnu.org/onlinedocs/gcc/Optimize-Options.html
>
>
>
--
dann frazier
Reply to: