In order to be confident in our security implementation we must ensure that calls to gnu.* code (which might bypass security checks) are inaccessible to user code running in a secure context. Some sort of automated testing would be ideal, so that we could reliably re-run the audit whenever we like. That will ensure we don't have a (disastrous) regression here.
Likewise we must audit the CNI code for things like buffer overflows.

--
Summary: gnu.* and native code security audit
Product: gcc
Version: 4.1.0
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: libgcj
AssignedTo: unassigned at gcc dot gnu dot org
ReportedBy: tromey at gcc dot gnu dot org
CC: gcc-bugs at gcc dot gnu dot org,java-prs at gcc dot gnu dot org
OtherBugsDependingOnThis: 13603

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=21892