This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.
Re: Security vulnerability or security feature?
- From: "Robert C. Seacord" <rcs at cert dot org>
- To: Ralph Loader <suckfish at ihug dot co dot nz>
- Cc: cert at cert dot org, crd at cert dot org, gcc at gnu dot org
- Date: Thu, 24 Apr 2008 17:06:36 -0400
- Subject: Re: Security vulnerability or security feature?
- References: <20080425085640.707e9a56@ihug.co.nz>
Ralph,
Comments below.
> (a) Arithmetic overflows have historically been a significant source of
> security vulnerabilities.
agreed.
> (b) Recent versions of gcc (along with other compilers) contain an
> optimisation that can *REMOVE* arithmetic overflows.
I am very interested in seeing how this optimization can remove
arithmetic overflows.
If you can send me an example of source code and instructions on how to
build, I would certainly be happy to promote this feature of gcc on our
secure coding web site.
> Why is Cert advising people to avoid an optimisation that can ---
> realistically, although probably rarely --- remove security
> vulnerabilities?
If you are referring to VU#694123, this refers to an optimization that
removes checks for pointer arithmetic wrapping. The optimization doesn't
actually eliminate the wrapping behavior; this still occurs. It does,
however, eliminate certain kinds of checks (that depend upon undefined
behavior).
Thanks,
rCs
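An added illustration of the distinction rCs draws above (this is not code from the thread or from GCC): a bounds check written as a pointer comparison relies on the wrapped pointer, which is undefined behaviour, so a compiler is entitled to treat it as always false and drop it; a check written on lengths stays defined and is kept. The check shape, the function names and the buffer sizes are assumptions for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Check of the kind VU#694123 describes (assumed shape, not GCC's own code).
 * Forming buf + len first and comparing it against buf depends on the
 * pointer wrapping around, which is undefined behaviour in C. Because the
 * compiler may assume undefined behaviour never happens, it may treat the
 * condition as always false and remove the check entirely. */
int check_relies_on_wrap(const char *buf, size_t len)
{
    if (buf + len < buf)   /* UB when the addition wraps: check may be dropped */
        return 0;
    return 1;
}

/* Defined-behaviour alternative: compare the requested length against the
 * space that remains, never forming an out-of-bounds pointer.
 * `end` is one past the last valid byte of the buffer. */
int check_by_length(const char *buf, const char *end, size_t len)
{
    if (buf > end)
        return 0;
    return len <= (size_t)(end - buf);
}

/* Copy into a fixed-size buffer guarded by the length-based check.
 * Returns 1 when the copy was performed, 0 when it was refused. */
int copy_bounded(char *dst, size_t dst_size, const char *src, size_t len)
{
    if (!check_by_length(dst, dst + dst_size, len))
        return 0;
    memcpy(dst, src, len);
    return 1;
}
```

Building the first function with optimisation and inspecting the generated code is the practical way to see whether the wrap-based check survived; the second form does not depend on that.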