LINUX.IE, website of the Irish Linux Users' Group
[ILUG] Can anyone see any reason why a customer would need to compile a new compiler?

paul at clubi.ie paul at clubi.ie
Sun Jun 25 23:55:55 IST 2006


On Sun, 25 Jun 2006, Declan Moriarty wrote:

> Yes, actually you are right.

Well, "paul" and "right" are two words often used in the same 
sentence...

> But unless you know the system intimately at a code level, you 
> won't have a great idea of what those bits of the system are, will 
> you? Hence the all or nothing approach is best. Or, you could grok 
> all the code...

Well, no. Again:

- most stack overflows are of local variables in /application/ code
   (not library code), even where the actual overflow occurs via some
   library function.

   There is a technical reason why this /tends/ to be true: Library
   code tends to either take storage as a parameter (e.g. a local
   variable in a caller) from the caller or allocate required storage
   from the heap (local storage in a library function tends not to
   last long enough ;) ). So SSP tends to have greater impact in
   application code itself.

- Stack overflows' greatest security impact is in network-enabled
   applications
   - you don't need to be a code wizard to figure out what
     applications those are, use "nmap"
   - hence you can recompile just those applications and realise a
     significant security benefit

- SSP has a performance impact, so there is value in not applying
   it to code where it won't have any security benefits

IIRC: at least one distro only /selectively/ compiled network-enabled
     applications with SSP, precisely due to the above reasoning ;).

> And the biggest word in there was the "IF". I think it extremely 
> unlikely that a vanilla gcc-4.1 will compile on any sort of an old 
> system.

I haven't dug around gcc sources, but I have to say that would 
surprise me given that:

a) gcc (regardless of the fact that it is a compiler) is meant to be
    highly portable.

b) I would /suspect/ that compilers would tend to be quite
    free-standing bodies of code, with the most minimal of external
    dependencies of any code you could find.. (just a suspicion..)

> They seem to be using very recent kernel headers and binutils 
> versions to get it going.

Binutils maybe. Kernel headers??? You thinking of glibc maybe?

regards,
-- 
Paul Jakma	paul at clubi.ie	paul at jakma.org	Key ID: 64A2FF6A
Fortune:
Judging from the behavior of some people...not all jackasses have tails.
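
The selective approach described in the message above (find the network-enabled applications, then rebuild only those with SSP) can be checked on a host with a short script. This is an added example, not part of the original post: it uses `ss -ltnp` on the local machine in place of an nmap scan, assumes that a GCC stack-protector build imports the `__stack_chk_fail` symbol, and the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: which listening daemons reference the SSP failure handler?
# Assumption: a GCC stack-protector build imports __stack_chk_fail.

# stdin: `ss -ltnp` lines; stdout: unique PIDs that own a listening socket.
listener_pids() {
    grep -o 'pid=[0-9]*' | cut -d= -f2 | sort -un
}

# stdin: `nm -D` output for one binary; stdout: ssp | no-ssp | unknown.
ssp_status() {
    syms=$(cat)
    case $syms in
        '') echo unknown ;;                 # static or unreadable: cannot tell
        *__stack_chk_fail*) echo ssp ;;
        *) echo no-ssp ;;                   # candidate for a rebuild with SSP
    esac
}

# Constructed sample of `ss -ltnp` output (not captured from a real host).
sample_ss() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 128    [::]:22    [::]:* users:(("sshd",pid=812,fd=4))
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("httpd",pid=1044,fd=6))
EOF
}

# Live audit of this host (run as root so ss can show every owning PID).
audit_live() {
    ss -ltnp | listener_pids | while read -r pid; do
        exe=$(readlink "/proc/$pid/exe") || continue
        printf '%s\t%s\n' "$(nm -D "$exe" 2>/dev/null | ssp_status)" "$exe"
    done
}

if [ "${1:-}" = "--live" ]; then
    audit_live
else
    sample_ss | listener_pids          # prints 812 and 1044
fi
```

A `no-ssp` result means only that no reference to the handler was found in the dynamic symbol table; it is a prompt to check how the package was built, not proof either way.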


