This is the mail archive of the
mailing list for the GCC project.
Re: Give a better error for PCH with exec-shield-randomize
Geoff Keating <firstname.lastname@example.org> writes:
> > The kernel doesn't act randomly,
> Um, I thought that was the point of this feature: it makes the kernel
> map certain things at random locations.
I assume it was clear from the rest of my paragraph what I meant. The
kernel puts certain things in random locations, but it doesn't act
randomly, and there are clear limits on the random locations which it
chooses. exec-shield-randomize provides a limited amount of security
based on shifting the stack. It's not important for that level of
security to pick absolutely any location; it's sufficient to move the
stack a little bit to break any buffer overrun which relies on a
specific stack location.
> I know that host-darwin.c imposes no measurable overhead on gcc's load
> time or its performance when PCH is not used, but I had to talk to
> several kernel and linker people before settling on that particular
> design (and even then I measured the resulting performance before I
> really believed that it would work). I think you will need to do the
> same amount of research before you can come up with something similar
> for linux.
My personal resources are quite limited. I don't have multiple
architectures, and I don't have the time to run multiple kernel
versions. (I'm not doing this for work, of course--Wasabi is a NetBSD
My vote would be to install something along the lines of my patch,
which at least is a big step forward in that the testsuite works.
Then we can find out what else breaks, and how to fix it.
I would certainly be happy for a Linux kernel person to weigh in on