From: "H.J. Lu" <hjl.tools@gmail.com>
To: Ilya Enkovich <enkovich.gnu@gmail.com>
Cc: Jakub Jelinek <jakub@redhat.com>,
Richard Biener <richard.guenther@gmail.com>,
GCC Patches <gcc-patches@gcc.gnu.org>,
Uros Bizjak <ubizjak@gmail.com>
Subject: Re: [PATCH, libmpx, i386, PR driver/65444] Pass '-z bndplt' when building dynamic objects with MPX
Date: Wed, 18 Mar 2015 16:45:00 -0000 [thread overview]
Message-ID: <CAMe9rOq0fw+b+UGvRs-Fr3+43ud7jy9xe_EKsP0oXftB+0UdiA@mail.gmail.com> (raw)
In-Reply-To: <CAMbmDYbqxdBMs2XjDAL2ia5rwTwRfqSPDoBPS+=oJEBcJ1FJuw@mail.gmail.com>
On Wed, Mar 18, 2015 at 9:14 AM, Ilya Enkovich <enkovich.gnu@gmail.com> wrote:
> 2015-03-18 17:42 GMT+03:00 H.J. Lu <hjl.tools@gmail.com>:
>> On Wed, Mar 18, 2015 at 7:31 AM, H.J. Lu <hjl.tools@gmail.com> wrote:
>>> On Wed, Mar 18, 2015 at 7:02 AM, Jakub Jelinek <jakub@redhat.com> wrote:
>>>>
>>>> Yeah, I agree, the configure check is a reasonable thing to do.
>>>>
>>>
>>> We should either always pass -z bndplt to linker or disable
>>> MPX.
>>>
>>
>> MPX is a security feature. Knowing leaving a door open is a
>> bad idea.
>
> Instrumented binary used with legacy libraries is a supported usage
> model. Each user determines his own level of security.
>
It doesn't mean we should leave a door open. Are we supposed to
detect this with MPX:
[hjl@skylakeclient bug-1]$ cat x.c
#include <string.h>
int
main ()
{
char buf[10];
memset(buf, 'a', 11);
return 0;
}
[hjl@skylakeclient bug-1]$
I believe we should, not maybe. We shouldn't silent fail it
when linker doesn't support -z bndplt.
--
H.J.
next prev parent reply other threads:[~2015-03-18 16:45 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-03-18 11:56 Ilya Enkovich
2015-03-18 12:03 ` H.J. Lu
2015-03-18 12:05 ` Ilya Enkovich
2015-03-18 12:08 ` H.J. Lu
2015-03-18 12:13 ` Ilya Enkovich
2015-03-18 12:25 ` H.J. Lu
2015-03-18 12:42 ` Richard Biener
2015-03-18 13:24 ` Ilya Enkovich
2015-03-18 13:32 ` H.J. Lu
2015-03-18 13:41 ` Ilya Enkovich
2015-03-18 13:52 ` H.J. Lu
2015-03-18 13:59 ` Ilya Enkovich
2015-03-18 14:02 ` Jakub Jelinek
2015-03-18 14:31 ` H.J. Lu
2015-03-18 14:42 ` H.J. Lu
2015-03-18 16:14 ` Ilya Enkovich
2015-03-18 16:45 ` H.J. Lu [this message]
2015-03-18 17:13 ` Ilya Enkovich
2015-03-18 17:14 ` H.J. Lu
2015-03-18 17:34 ` Ilya Enkovich
2015-03-18 17:39 ` H.J. Lu
2015-03-18 18:13 ` Ilya Enkovich
2015-03-18 14:03 ` Robert Dewar
2015-03-18 14:33 ` Markus Trippelsdorf
2015-03-23 10:19 ` Ilya Enkovich
2015-03-31 9:47 ` Ilya Enkovich
2015-04-02 4:34 ` Jeff Law
2015-04-02 11:01 ` H.J. Lu
2015-04-03 19:34 ` Joseph Myers
2015-04-06 1:45 ` Sandra Loosemore
2015-04-06 2:35 ` H.J. Lu
2015-04-06 3:08 ` Sandra Loosemore
2015-04-06 15:18 ` Ilya Enkovich
2015-04-06 15:28 ` Jeff Law
2015-04-06 15:54 ` Ilya Enkovich
2015-05-26 9:26 ` Ilya Enkovich
2015-05-27 15:35 ` Jeff Law
2015-06-03 9:04 ` Ilya Enkovich
2015-06-03 15:29 ` Joseph Myers
2015-06-03 15:59 ` Ilya Enkovich
2015-06-03 16:03 ` Joseph Myers
2015-06-04 14:14 ` Ilya Enkovich
2015-06-04 15:55 ` Joseph Myers
2015-06-05 14:44 ` Ilya Enkovich
2015-06-25 19:00 ` Jeff Law
2015-04-06 17:15 ` Sandra Loosemore
2015-04-07 19:01 ` Jeff Law
2015-04-07 19:29 ` H.J. Lu
2015-04-07 20:12 ` Markus Trippelsdorf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAMe9rOq0fw+b+UGvRs-Fr3+43ud7jy9xe_EKsP0oXftB+0UdiA@mail.gmail.com \
--to=hjl.tools@gmail.com \
--cc=enkovich.gnu@gmail.com \
--cc=gcc-patches@gcc.gnu.org \
--cc=jakub@redhat.com \
--cc=richard.guenther@gmail.com \
--cc=ubizjak@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).