| 1 |
Ryan Hill <dirtyepic@g.o> wrote: |
| 2 |
> Martin Vaeth <vaeth@××××××××××××××××××××××××.de> wrote: |
| 3 |
>> > |
| 4 |
>> > * -fstack-protector{-all} |
| 5 |
>> > No thank you. -fstack-protector has very limited coverage |
| 6 |
>> |
| 7 |
>> I'd say it covers most cases where bugs can be made, [...] |
| 8 |
> |
| 9 |
> The numbers I've seen show a maximum of 5% coverage for code that has a |
| 10 |
> large number of functions containing char arrays on the stack. |
| 11 |
|
| 12 |
If you have no local array on the stack, it is rather hard to write |
| 13 |
accidentally(!) code in the function which corrupts the stack. |
| 14 |
(It still is possible e.g. through bad casting, but it is rather |
| 15 |
unlikely that this happens by accident). |
| 16 |
So coverage of these functions covers most cases of accidental bugs. |
| 17 |
Of course, as Ciaranm already mentioned, there is no compiler flag |
| 18 |
which transforms unsafe code into safe one, but if even just one or |
| 19 |
two security bugs can be avoid this way, it was worth to add |
| 20 |
this flag IMHO. |
| 21 |
|
| 22 |
> Most code doesn't fall into that category. |
| 23 |
|
| 24 |
Isn't this good news? It means most code will not get *any* |
| 25 |
penalty with -fstack-protector. |
Archives