This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.



Re: Security vulnerability or security feature?


Ralph,

Comments below.

> (a) Arithmetic overflows have historically been a significant source of
> security vulnerabilities.

Agreed.

> (b) Recent versions of gcc (along with other compilers) contain an
> optimisation that can *REMOVE* arithmetic overflows.

I am very interested in seeing how this optimization can remove arithmetic overflows.

If you can send me an example of source code and instructions on how to build, I would certainly be happy to promote this feature of gcc on our secure coding web site.

> Why is Cert advising people to avoid an optimisation that can ---
> realistically, although probably rarely --- remove security
> vulnerabilities?

If you are referring to VU#694123, this refers to an optimization that removes checks for pointer arithmetic wrapping. The optimization doesn't actually eliminate the wrapping behavior; this still occurs. It does, however, eliminate certain kinds of checks (that depend upon undefined behavior).

Thanks,
rCs
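
The kind of check discussed in the message above, as an added example that is not part of the original message or of the vulnerability note: a bounds test that relies on pointer wrapping (undefined behavior, so the compiler may drop it) beside two forms that do not. All function names and the `sample` buffer are hypothetical, and the `uintptr_t` variant assumes a flat address space.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

char sample[16];  /* constructed buffer for the demonstration */

/* Fragile: detects wrapping by forming buf + len and comparing it with buf.
 * Pointer overflow is undefined behavior, so an optimizer may assume
 * buf + len >= buf always holds and delete the first test. */
int in_bounds_fragile(const char *buf, const char *buf_end, size_t len)
{
    if (buf + len < buf)   /* the check that can be optimized away */
        return 0;
    return buf + len <= buf_end;
}

/* Well defined: compare len with the space left. No pointer outside
 * [buf, buf_end] is ever formed, so there is nothing to optimize away. */
int in_bounds(const char *buf, const char *buf_end, size_t len)
{
    if (buf > buf_end)
        return 0;
    return len <= (size_t)(buf_end - buf);
}

/* Alternative: test for wrapping on unsigned integers, where overflow is
 * defined. Assumes a flat address space (pointer/uintptr_t round trip). */
int in_bounds_uintptr(const char *buf, const char *buf_end, size_t len)
{
    uintptr_t start = (uintptr_t)buf, end = (uintptr_t)buf_end;
    if (len > UINTPTR_MAX - start)   /* start + len would wrap */
        return 0;
    return start + len <= end;
}

int main(void)
{
    const char *end = sample + sizeof sample;
    /* Only in-range lengths go to the fragile form; larger ones are UB. */
    printf("fragile(16)=%d\n", in_bounds_fragile(sample, end, 16));
    printf("in_bounds(16)=%d in_bounds(17)=%d in_bounds(SIZE_MAX)=%d\n",
           in_bounds(sample, end, 16), in_bounds(sample, end, 17),
           in_bounds(sample, end, SIZE_MAX));
    printf("uintptr(SIZE_MAX)=%d\n", in_bounds_uintptr(sample, end, SIZE_MAX));
    return 0;
}
```

Comparing the generated assembly of `in_bounds_fragile` at different optimization levels shows whether a given compiler keeps the first test.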

