GNU GCC: Optimizer Removes Code Necessary for Security

From: Joseph Wagner (wagnerjdat_private)
Date: Sat Nov 16 2002 - 02:04:44 PST

Next message: Trustix Secure Linux Advisor: "TSLSA-2002-0077 - kernel"

Previous message: Troy Evans: "Re: LOM: Multiple vulnerabilities in Macromedia Flash ActiveX"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

('binary' encoding is not supported, stored as-is) When optimizing code for "dead store removal" the optimizing compiler may remove code necessary for security. A programmer could erroneously think that his code is secure, even though the securing code is removed from the compiled code. For a full report, including a complete description of the bug, steps necessary to reproduce the problem, a workaround, and sample code, go to: http://gcc.gnu.org/cgi-bin/gnatsweb.pl?cmd=view%20audit- trail&database=gcc&pr=8537

Next message: Trustix Secure Linux Advisor: "TSLSA-2002-0077 - kernel"
Previous message: Troy Evans: "Re: LOM: Multiple vulnerabilities in Macromedia Flash ActiveX"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Nov 19 2002 - 12:04:01 PST