On Wed, Mar 18, 2015 at 9:14 AM, Ilya Enkovich <enkovich....@gmail.com> wrote:
> 2015-03-18 17:42 GMT+03:00 H.J. Lu <hjl.to...@gmail.com>:
>> On Wed, Mar 18, 2015 at 7:31 AM, H.J. Lu <hjl.to...@gmail.com> wrote:
>>> On Wed, Mar 18, 2015 at 7:02 AM, Jakub Jelinek <ja...@redhat.com> wrote:
>>>>
>>>> Yeah, I agree, the configure check is a reasonable thing to do.
>>>>
>>>
>>> We should either always pass -z bndplt to linker or disable
>>> MPX.
>>>
>>
>> MPX is a security feature. Knowing leaving a door open is a
>> bad idea.
>
> Instrumented binary used with legacy libraries is a supported usage
> model. Each user determines his own level of security.
>
It doesn't mean we should leave a door open. Are we supposed to
detect this with MPX:
[hjl@skylakeclient bug-1]$ cat x.c
#include <string.h>
int
main ()
{
char buf[10];
memset(buf, 'a', 11);
return 0;
}
[hjl@skylakeclient bug-1]$
I believe we should, not maybe. We shouldn't silent fail it
when linker doesn't support -z bndplt.
--
H.J.
