On 07/11/2013 05:10 PM, Toshio Kuratomi wrote:
On Thu, Jul 11, 2013 at 07:48:50AM -0400, Jonathan Masters wrote:
And following the legitimate concerns about stack-protector this was
raised by ARM into core Linaro as an urgent action for which engineering
resource is being assigned to correct this deficiency ASAP. Thus within
a day an issue has been noted that we were unaware of and is being worked
through a process to correct it, as would be the case with any deficiency
on x86. The stack protection stuff will be fixed. Let's bike shed over the
next nitpick nuance that the anti-ARM crowd want to throw in the way ;)
Just in case it wasn't part of what was discussed, please note that if all
goes well, F20 will be switching to use -fstack-protector-strong rather than
just -fstack-protector so we'd need the functionality for that implemented:
The good news is that -fstack-protector-strong is exclusively a
middle-end feature which did not require any changes to the backend
implementation. It just caused more functions to be instrumented with
canary checks, based on the local variables in the function and how they
are used.
NVR optimization and retslot handling might different among
architectures (I haven't checked), but the existing patch (in Fedora and
upstream) does not deal with those anyway.
--
Florian Weimer / Red Hat Product Security Team
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
