
Cook: Security things in Linux v4.20


[Kernel] Posted Dec 27, 2018 17:03 UTC (Thu) by corbet

Kees Cook summarizes the security-related improvements in the 4.20 kernel. "Enabling CONFIG_GCC_PLUGIN_STACKLEAK=y means almost all uninitialized variable flaws go away, with only a very minor performance hit (it appears to be under 1% for most workloads). It’s still possible that, within a single syscall, a later buggy function call could use 'uninitialized' bytes from the stack from an earlier function. Fixing this will need compiler support for pre-initialization (this is under development already for Clang, for example), but that may have larger performance implications."
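The distinction drawn in the quote, as an added example that is not code from the post or from the kernel: a user-space model of one task's kernel stack that is erased at syscall exit, showing that stale stack bytes stop crossing syscall boundaries but remain visible to a later function within the same syscall. All names (`kstack`, `leaked_value`, `POISON`) and the poison value are assumptions made for the model.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STACK_WORDS 64
#define POISON 0xDEADBEEFu            /* constructed marker, not the kernel's value */

static uint32_t kstack[STACK_WORDS];  /* model of one task's kernel stack */
static int sp;                        /* next free slot (grows upward in this model) */
static int stackleak_on;              /* stands in for CONFIG_GCC_PLUGIN_STACKLEAK=y */

/* Reserve a frame without initializing it, as an uninitialized local would be. */
static uint32_t *frame_push(int words) { uint32_t *f = &kstack[sp]; sp += words; return f; }

/* Writes sensitive data into its locals, then returns (frame is popped, bytes stay). */
static void handle_secret(uint32_t secret) {
    uint32_t *local = frame_push(4);
    for (int i = 0; i < 4; i++) local[i] = secret;
    sp -= 4;
}

/* Buggy function: returns a local it never initialized. */
static uint32_t buggy_read(void) {
    uint32_t *local = frame_push(4);
    uint32_t v = local[0];
    sp -= 4;
    return v;
}

/* Syscall exit: with the erase enabled, overwrite the stack before returning.
 * The model erases the whole array for simplicity. */
static void syscall_exit(void) {
    if (stackleak_on)
        for (int i = 0; i < STACK_WORDS; i++) kstack[i] = POISON;
    sp = 0;
}

/* Returns what buggy_read() observes after handle_secret() ran either in the
 * previous syscall (same_syscall = 0) or earlier in the same one (same_syscall = 1). */
uint32_t leaked_value(int erase, int same_syscall, uint32_t secret) {
    stackleak_on = erase; sp = 0;
    memset(kstack, 0, sizeof kstack);
    handle_secret(secret);
    if (!same_syscall) syscall_exit();   /* boundary between two syscalls */
    uint32_t v = buggy_read();
    syscall_exit();
    return v;
}

int main(void) {
    printf("no erase, across syscalls: %#x\n", (unsigned)leaked_value(0, 0, 0x5EC2E7u));
    printf("erase, across syscalls:    %#x\n", (unsigned)leaked_value(1, 0, 0x5EC2E7u));
    printf("erase, same syscall:       %#x\n", (unsigned)leaked_value(1, 1, 0x5EC2E7u));
    return 0;
}
```

The third case is the one that, per the quote, needs compiler pre-initialization of locals rather than an exit-time erase.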



Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds