From: Siddhesh Poyarekar
To: Richard Sandiford, gcc-patches@gcc.gnu.org
Subject: Re: [PATCH 00/19] aarch64: Fix -fstack-protector issue
Date: Tue, 12 Sep 2023 12:45:06 -0400
Message-ID: <46cfa37b-56eb-344d-0745-e0d35393392d@gotplt.org>
In-Reply-To: <20230912152529.3322336-1-richard.sandiford@arm.com>
References: <20230912152529.3322336-1-richard.sandiford@arm.com>

On 2023-09-12 11:25, Richard Sandiford via Gcc-patches wrote:
> This series of patches fixes deficiencies in GCC's -fstack-protector
> implementation for AArch64 when using dynamically allocated stack space.
> This is CVE-2023-4039. See:
>

While this is a legitimate missed hardening, I'm not sure if this
qualifies as a CVE-worthy vulnerability since correct programs won't
actually be exploitable due to this. This is essentially the kind of
thing that the "Security features implemented in GCC" section in the
proposed security policy[1] describes.

Thanks,
Sid

[1] https://inbox.sourceware.org/gcc-patches/ba133293-a7e8-8fe4-e1ba-7129b9e103f7@gotplt.org/