This is the mail archive of the
gcc-bugs@gcc.gnu.org
mailing list for the GCC project.
[Bug other/28328] Stack smash protection non-verbose
- From: "solar at gentoo dot org" <gcc-bugzilla at gcc dot gnu dot org>
- To: gcc-bugs at gcc dot gnu dot org
- Date: 11 Jul 2006 04:57:21 -0000
- Subject: [Bug other/28328] Stack smash protection non-verbose
- References: <bug-28328-8896@http.gcc.gnu.org/bugzilla/>
- Reply-to: gcc-bugzilla at gcc dot gnu dot org
------- Comment #9 from solar at gentoo dot org 2006-07-11 04:57 -------
(In reply to comment #7)
> (In reply to comment #5)
> > This bug should get itself assigned.
>
> You know like many other open source projects, if you really want a feature you
> should implement it.
I would not have a problem doing that when I have some free time and am
ready to move to gcc-4.x.
> As I mentioned in the other bug, knowing where something
> crashed is only part of the story on debugging, you also need to know why,
> which can be much harder to see as the problem comes from 1000 lines before.
> So getting this info is only useful for obvious bugs which someone could spot
> by going through the code line by line.
>
> Also the user should not know your internals of your program, it just confuses
> them and in fact it might cause some of IP to be exposed and you don't want
> that.
Sorry but as somebody that has been an active supporter of ssp over the
years and somebody thats fixed dozens of bugs spotted by ssp your
statement is not really valid about exposing a function name to end
users. You might be surprised in fact at how many end users are also
problem solvers. The printing a function name is not really an info
leak nor is it exposing IP anymore than say looking .dynstr itself. I
don't mean in anyway to insult you in saying so. I'm just saying I know
what I'm talking about as somebody who has delt with many bugs with
respect to this very thing.
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=28328