[Bug c/77992] Failures to initialize padding bytes -- causing many information leaks
kjlu at gatech dot edu
gcc-bugzilla@gcc.gnu.org
Sat Oct 15 03:55:00 GMT 2016
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=77992
--- Comment #7 from Kangjie Lu <kjlu at gatech dot edu> ---
(In reply to Andrew Pinski from comment #6)
> >More information can be found in our research paper: http://www.cc.gatech.edu/~klu38/publications/unisan-ccs16.pdf
>
>
> You research paper is wrong and does not consider C is an inherently
> insecure language to be begin with. There are many other things wrong with
> it. Like for an example recommending the use of memset when you want to
> hide the stores from the compiler. There is already a thread on the glibc
> mailing list about this exact thing about adding a secure memset which is
> GCC is not going to optimize away.
Thanks for your feedback.
We do think C is not safe language and that's why we want to secure programs
written in C.
Could you provide me more information about the thread. We use LLVM instead
of GCC. Our instrumentation is inserted after optimization passes.
Thanks!
More information about the Gcc-bugs
mailing list