This is the mail archive of the
gcc-bugs@gcc.gnu.org
mailing list for the GCC project.
[Bug libgcj/21892] New: gnu.* and native code security audit
- From: "tromey at gcc dot gnu dot org" <gcc-bugzilla at gcc dot gnu dot org>
- To: gcc-bugs at gcc dot gnu dot org
- Date: 2 Jun 2005 22:43:44 -0000
- Subject: [Bug libgcj/21892] New: gnu.* and native code security audit
- Reply-to: gcc-bugzilla at gcc dot gnu dot org
In order to be confident in our security implementation we must
ensure that calls to gnu.* code (which might bypass security checks)
are inaccessible to user code running in a secure context.
Some sort of automated testing would be ideal, so that we could reliably
re-run the audit whenever we like. That will ensure we don't have
a (disastrous) regression here.
Likewise we must audit the CNI code for things like buffer overflows.
--
Summary: gnu.* and native code security audit
Product: gcc
Version: 4.1.0
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: libgcj
AssignedTo: unassigned at gcc dot gnu dot org
ReportedBy: tromey at gcc dot gnu dot org
CC: gcc-bugs at gcc dot gnu dot org,java-prs at gcc dot gnu
dot org
OtherBugsDependingO 13603
nThis:
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=21892