[grsec] Future of PAX_CONFIG_FORTIFY_SOURCE

Pavel Labushev p.labushev at gmail.com
Wed Sep 9 13:19:12 EDT 2009


Brad Spengler wrote:

> FORTIFY_SOURCE wasn't really protecting anything of worth -- that is, 
> most of that 30% was copies of constant lengths into fixed-length 
> buffers, not the kinds of memory copies that are actually exploitable.

Then would it be correct to say that FORTIFY_SOURCE is nearly useless in
userland also?

> many in the kernel.  I reported this to Jakub Jelinek, with an obvious 
> example of the problem, and he called my report "useless."  So useless, 
> in fact, that the very next day he committed the following code to gcc:
> http://gcc.gnu.org/ml/gcc-patches/2009-06/msg00419.html

As "kind" as often, I see... And sometimes it just amazes me how you and
PaX Team keep doing the hard work and get pointless and offensive words
in response from people like Torvalds and Red Hat's employees like this
one...

> versions in wide-use (and used for compiling distributions).  Apparently 
> no-one had bothered to look into this previously (no surprise to me).

Yes, like no one else cares... You know, that's even funny a bit.
Sometimes I wonder, who's that smart guy who really cares about linux
security and does the work, and it comes to: "Oh, that's spender...
Again." and "Oh, that's PaX Team... Again." Thank you very much for your
effort, guys. It's mostly unique and very valuable to me, personally (I
don't like and don't trust in rat races a la "just get the latest
patches and feel secure").

> Hope that answers everything ;)

Indeed! :) Thank you.

