This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Give a better error for PCH with exec-shield-randomize


Geoff Keating <geoffk@desire.geoffk.org> writes:

> > The kernel doesn't act randomly,
> 
> Um, I thought that was the point of this feature: it makes the kernel
> map certain things at random locations.

I assume it was clear from the rest of my paragraph what I meant.  The
kernel puts certain things in random locations, but it doesn't act
randomly, and there are clear limits on the random locations which it
chooses.  exec-shield-randomize provides a limited amount of security
based on shifting the stack.  It's not important for that level of
security to pick absolutely any location; it's sufficient to move the
stack a little bit to break any buffer overrun which relies on a
specific stack location.

> I know that host-darwin.c imposes no measurable overhead on gcc's load
> time or its performance when PCH is not used, but I had to talk to
> several kernel and linker people before settling on that particular
> design (and even then I measured the resulting performance before I
> really believed that it would work).  I think you will need to do the
> same amount of research before you can come up with something similar
> for linux.

My personal resources are quite limited.  I don't have multiple
architectures, and I don't have the time to run multiple kernel
versions.  (I'm not doing this for work, of course--Wasabi is a NetBSD
company.)

My vote would be to install something along the lines of my patch,
which at least is a big step forward in that the testsuite works.
Then we can find out what else breaks, and how to fix it.

I would certainly be happy for a Linux kernel person to weigh in on
this.

Ian


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]