>> Of course gcc -fsanitize=undefined cannot be used on production code. > > Why not? Will it find too many errors?
This discussion is at least 5 years old: https://seclists.org/oss-sec/2016/q1/363 I don't know if the problems have been addressed or if new problems have popped up. The short of it, if you don't read the link above, is that you can use the _OPTIONS environmental variable with a setuid application and clobber any file on the file system. -Steve _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
