This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[Bug libgcj/21892] New: gnu.* and native code security audit


In order to be confident in our security implementation we must
ensure that calls to gnu.* code (which might bypass security checks)
are inaccessible to user code running in a secure context.
Some sort of automated testing would be ideal, so that we could reliably
re-run the audit whenever we like.  That will ensure we don't have
a (disastrous) regression here.

Likewise we must audit the CNI code for things like buffer overflows.

-- 
           Summary: gnu.* and native code security audit
           Product: gcc
           Version: 4.1.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: libgcj
        AssignedTo: unassigned at gcc dot gnu dot org
        ReportedBy: tromey at gcc dot gnu dot org
                CC: gcc-bugs at gcc dot gnu dot org,java-prs at gcc dot gnu
                    dot org
OtherBugsDependingO 13603
             nThis:


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=21892


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]