
Bug#796562: lintian: Please identify lack of sanitation compiler/linker flags




On 20 July 2017 08:02:41 GMT+02:00, intrigeri <intrigeri@debian.org> wrote:
>Control: retitle -1 Please identify lack of UBSAN compiler/linker flags
>
>Jakub Wilk:
>> Relevant thread on oss-security:
>> http://www.openwall.com/lists/oss-security/2016/02/17/9
>
>Right, I was aware of this additional info but failed to update this
>bug report accordingly. Sorry!
>
>tl;dr: "only the UBSAN sanitizer is safe for 'daily use'", as Seth
>(Cc'ed) summed up in
>http://openwall.com/lists/oss-security/2017/07/11/1.
>
>So I'm retitling this bug report to make it about UBSAN only,
>i.e. compiling and linking programs with -fsanitize=undefined.
>Note that by default, UBSAN only displays an error message at runtime
>when a problem is detected, and then resumes execution.

So not safe... Displaying an error will change behaviour...

>Seth: are you aware of ways to check if a given binary has UBSAN
>enabled? Or is this something we should add to blhc instead
>of Lintian?
>
>Jakub, does this make sense to you? Do you think this is enough to
>drop the moreinfo tag?
>
>Cheers,

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
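
On the quoted question of how to check whether a given binary has UBSAN enabled, one heuristic is sketched below as an added example; it is not part of the original message and not code from Lintian or blhc. It assumes the binary was built with -fsanitize=undefined against a dynamically linked runtime, so that the `__ubsan_handle_*` handler functions appear as imports in `readelf --dyn-syms -W` output; the function names `ubsan_handlers` and `scan_binary` are hypothetical and the sample readelf output is constructed.

```python
import re
import subprocess

# Assumption: UBSAN-instrumented code calls runtime handlers named __ubsan_handle_*,
# which show up in the dynamic symbol table when libubsan is linked dynamically.
UBSAN_PREFIX = "__ubsan_handle_"
# One row of `readelf --dyn-syms -W`: Num, Value, Size, Type, Bind, Vis, Ndx, Name
ROW = re.compile(r"^\s*\d+:\s+[0-9a-fA-F]+\s+\S+\s+\S+\s+\S+\s+\S+\s+(\S+)\s+(\S+)")

def ubsan_handlers(readelf_text):
    """Return sorted UBSAN handler names found in readelf dynamic-symbol output."""
    found = set()
    for line in readelf_text.splitlines():
        m = ROW.match(line)
        if m:
            name = m.group(2).split("@")[0]  # drop symbol version suffix
            if name.startswith(UBSAN_PREFIX):
                found.add(name)
    return sorted(found)

def scan_binary(path):
    """Run readelf on a real file (needs binutils); returns the handler list."""
    out = subprocess.run(["readelf", "--dyn-syms", "-W", path],
                         capture_output=True, text=True, check=True).stdout
    return ubsan_handlers(out)

# Constructed sample output, not taken from any real package.
SAMPLE_UBSAN = """\
Symbol table '.dynsym' contains 5 entries:
   Num:    Value          Size Type    Bind   Vis      Ndx Name
     0: 0000000000000000     0 NOTYPE  LOCAL  DEFAULT  UND 
     1: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __ubsan_handle_add_overflow
     2: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND puts@GLIBC_2.2.5 (2)
     3: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __ubsan_handle_type_mismatch_v1
     4: 0000000000001139    52 FUNC    GLOBAL DEFAULT   14 main
"""
SAMPLE_PLAIN = """\
Symbol table '.dynsym' contains 3 entries:
   Num:    Value          Size Type    Bind   Vis      Ndx Name
     0: 0000000000000000     0 NOTYPE  LOCAL  DEFAULT  UND 
     1: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND puts@GLIBC_2.2.5 (2)
     2: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __stack_chk_fail@GLIBC_2.4 (3)
"""

if __name__ == "__main__":
    print(ubsan_handlers(SAMPLE_UBSAN))
    print(ubsan_handlers(SAMPLE_PLAIN))
```

An empty result is not proof that UBSAN is absent: a build that traps instead of calling the runtime (for example GCC's -fsanitize-undefined-trap-on-error) or one with a statically linked, stripped runtime imports no handlers.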

