On 11/04/2016 07:34 PM, Richard W.M. Jones wrote:
Also the hardening stuff often doesn't apply in safe languages, so the tools you build around this shouldn't automatically assume no hardening == bad; or that 'long double' or 'wchar_t' are meaningful.
Sorry, this isn't true. As long as you don't have a bytecode interpreter (which is a very attractive target for code injection attacks, to the degree that additional hardening may not matter at all), even supposedly memory-safe languages have type system trapdoors, or perhaps they do not enforce memory safety in the presence of data races. This means that many of the hardening settings still matter.
Thanks, Florian _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
