This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.
Re: Stack protector: leak of guard's address on stack
- From: Florian Weimer <fw at deneb dot enyo dot de>
- To: Maxim Kuvyrkov <maxim dot kuvyrkov at linaro dot org>
- Cc: Thomas Preudhomme <thomas dot preudhomme at linaro dot org>, Jakub Jelinek <jakub at redhat dot com>, gcc at gcc dot gnu dot org
- Date: Tue, 01 May 2018 15:37:31 +0200
- Subject: Re: Stack protector: leak of guard's address on stack
* Maxim Kuvyrkov:
> The problem is fairly target-dependent, so architecture maintainers
> need to look at how stack-guard canaries and their addresses are
> handled and whether they can be spilled onto stack.
>
> It appears we need to poll architecture maintainers before filing the CVE.

One CVE ID by identified affected architecture would work as well.
MITRE cares about affected software *versions* as well, and since the
targets were added at different GCC versions (or stack protector
support was added), the CVE IDs should be split in most cases anyway.