User: Password:
|
|
Subscribe / Log in / New account

MIT discovered issue with gcc

From:  Andrew McGlashan <andrew.mcglashan-AT-affinityvision.com.au>
To:  debian-security-AT-lists.debian.org, debian-user <debian-user-AT-lists.debian.org>
Subject:  MIT discovered issue with gcc
Date:  Sat, 23 Nov 2013 12:30:10 +1100
Message-ID:  <52900522.9040507@affinityvision.com.au>
Archive-link:  Article

Hi,

I understand that Debian has a bunch of vulnerabilities as described in
the following PDF.

http://pdos.csail.mit.edu/~xi/papers/stack-sosp13.pdf

Just a small quote:

"This paper presents the first systematic approach for
reasoning about and detecting unstable code. We implement
this approach in a static checker called Stack, and
use it to show that unstable code is present in a wide
range of systems software, including the Linux kernel and
the Postgres database. We estimate that unstable code
exists in 40% of the 8,575 Debian Wheezy packages that
contain C/C++ code. We also show that compilers are
increasingly taking advantage of undefined behavior for
optimizations, leading to more vulnerabilities related to
unstable code."

This looks very serious indeed, but a quick search of Debian mailing
lists didn't show anything being acknowledged for this issue.... should
Debian users be concerned?

-- 
Kind Regards
AndrewM




(Log in to post comments)


Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds