On Thu, Jul 11, 2013 at 11:52:34AM -0700, Brendan Conoboy wrote: > On 07/11/2013 11:49 AM, Jakub Jelinek wrote: > >Stack guards are present, but using libssp, which is the fallback way, > >second class citizen and most likely slower than the standard way. > >E.g. the libssp stack guard setup always uses /dev/urandom, while I guess > >even on ARM kernel provides AT_RANDOM that can be just used. > >And I'd bet that even on ARM reading the stack guard via TLS (well, > >static only always, i.e. hardcoded offset from TLS register), especially for > >PIC, is faster than doing GOT read and two memory references. > > Thanks. Security-wise, is the implementation roughly equivalent in > what is protected against, albeit less efficient? Not sure how exactly /dev/urandom compares to AT_RANDOM security-wise, but most probably it is just less efficient. Definitely something to be benchmarked, analyzed for code size etc. Jakub -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
