Hi, On Mon, Oct 26, 2009 at 01:36:28PM +0100, Florian Weimer wrote: > * Kees Cook: > > I would like to propose enabling[1] the GCC hardening patches that Ubuntu > > uses[2]. > > Seems a good idea to me. But I think we should defer the required > full archive rebuild until we've got the hardening patch for operator > new[] (which currently can return a heap block which is smaller than > requested). I've got a preliminary version, but it's got a hole when > operator new[] is invoked on a variable-length array. The easy fix > would probably to outlaw heap allocation of VLAs (it's one of those C > GCC extensions that leaked into C++, and it's arguably less needed for > C++).
Right, I agree with this -- I figure this release can be seen as a transition release, where not everything is compiled that way. I don't want to introduce so much archive churn anyway. -Kees -- Kees Cook @debian.org -- To UNSUBSCRIBE, email to debian-gcc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
