This makes me want to scream at the gcc maintainers all day long.https://twitter.com/CopperheadOS/status/876835207701200896 …
You know, this is what makes me want to scream. They knew about the problem and chose to ignore it.
-
-
Yeah, lots of people knew about the problem including compiler developers, language developers on top of the compilers, etc.
-
There was an attempt to land LLVM stack probe support for Rust but that died out and got ignored until this round of vulnerabilities.
-
GCC has known their -fstack-check implementation is incomplete for a long time, since bugs were filed and just say around in the tracker.
-
It also only has the "mostly" working implementation on x86. It's more broken than that elsewhere.
-
Until fairly recently, enabling -fstack-check on architectures like ARM would clobber registers, etc. in some cases.
-
Have never been able to understand why only Microsoft cared to make a correct stack growth implementation. Before they cared about security.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.