|
|
Пишет LWN.net (![[info]](http://lj.rossia.org/img/syndicated.gif){kind=small} syn_lwnheadline)@ 2018-12-27 17:03:00 |
 |
|
 |
|
|
|
|
|
|
 |
|
 |
Cook: Security things in Linux v4.20
Kees Cook summarizes
the security-related improvements in the 4.20 kernel.
"Enabling CONFIG_GCC_PLUGIN_STACKLEAK=y means almost all
uninitialized variable flaws go away, with only a very minor performance
hit (it appears to be under 1% for most workloads). It’s still possible
that, within a single syscall, a later buggy function call could use
'uninitialized' bytes from the stack from an earlier function. Fixing this
will need compiler support for pre-initialization (this is under
development already for Clang, for example), but that may have larger
performance implications."
Kees Cook summarizes
the security-related improvements in the 4.20 kernel.
"Enabling CONFIG_GCC_PLUGIN_STACKLEAK=y means almost all
uninitialized variable flaws go away, with only a very minor performance
hit (it appears to be under 1% for most workloads). It’s still possible
that, within a single syscall, a later buggy function call could use
'uninitialized' bytes from the stack from an earlier function. Fixing this
will need compiler support for pre-initialization (this is under
development already for Clang, for example), but that may have larger
performance implications."
