Jeffrey Walton <noloader@xxxxxxxxx> writes:

> If a project does not observe proper preprocessor macros for a
> configuration, a project could fall victim to runtime assertions and
> actually DoS itself after the assert calls abort(). The ISC's DNS server
> comes to mind (confer: there are CVEs assigned for the errant behavior,
> and it's happened more than once!
> http://www.google.com/#q=isc+dns+assert+dos).

It's very rare for it to be sane to continue after an assert(). That would
normally mean a serious coding error on the part of the person who wrote
the assert(). The whole point of assert() is to establish invariants
which, if violated, would result in undefined behavior. Continuing after
an assert() could well lead to an even worse security problem, such as a
remote system compromise.

The purpose of the -DNDEBUG compile-time option is not to achieve
additional security by preventing a DoS, but rather to gain additional
*performance* by removing all the checks done via assert(). If your goal
is to favor security over performance, you never want to use -DNDEBUG.

--
Russ Allbery (rra@xxxxxxxxxxxx) <http://www.eyrie.org/~eagle/>

_______________________________________________
Autoconf mailing list
Autoconf@xxxxxxx
https://lists.gnu.org/mailman/listinfo/autoconf
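
The mechanism discussed in the message above, as an added example that is not part of the original thread: under -DNDEBUG, assert() expands to nothing, so the invariant guarding an array write is no longer checked, while a check that ignores NDEBUG still stops the process. SLOT_COUNT, slot_store, slot_store_strict, slot_load and the INVARIANT macro are hypothetical names chosen for this sketch.

```c
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>

#define SLOT_COUNT 4            /* hypothetical table size */
static int slots[SLOT_COUNT];

/* Returns 1 if assert() is live in this build, 0 if -DNDEBUG removed it.
 * Under NDEBUG, assert(x) expands to ((void)0), so x is never evaluated. */
int asserts_compiled_in(void) {
    int evaluated = 0;
    assert((evaluated = 1));
    return evaluated;
}

/* Check that ignores NDEBUG: a violated invariant always stops the process. */
static void invariant_failed(const char *expr, const char *file, int line) {
    fprintf(stderr, "%s:%d: invariant violated: %s\n", file, line, expr);
    abort();
}
#define INVARIANT(cond) \
    ((cond) ? (void)0 : invariant_failed(#cond, __FILE__, __LINE__))

/* Guarded only by assert(): with -DNDEBUG a bad idx reaches the write. */
void slot_store(size_t idx, int value) {
    assert(idx < SLOT_COUNT);
    slots[idx] = value;
}

/* Guarded by the always-on check: a bad idx aborts in every build. */
void slot_store_strict(size_t idx, int value) {
    INVARIANT(idx < SLOT_COUNT);
    slots[idx] = value;
}

int slot_load(size_t idx) {
    INVARIANT(idx < SLOT_COUNT);
    return slots[idx];
}

int main(void) {
    printf("assert() is %s\n", asserts_compiled_in() ? "active" : "compiled out");
    slot_store(1, 10);
    slot_store_strict(2, 20);
    printf("slots[1]=%d slots[2]=%d\n", slot_load(1), slot_load(2));
    return 0;
}
```

Compile it once plainly and once with -DNDEBUG: the first line of output changes, and only slot_store_strict() would still abort on an out-of-range index in the second build.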