Control: retitle -1 Please identify lack of UBSAN compiler/linker flags

Jakub Wilk:
> Relevant thread on oss-security:
> http://www.openwall.com/lists/oss-security/2016/02/17/9

Right, I was aware of this additional info but failed to update this bug report accordingly. Sorry!

tl;dr: "only the UBSAN sanitizer is safe for 'daily use'", as Seth (Cc'ed) summed up in http://openwall.com/lists/oss-security/2017/07/11/1. So I'm retitling this bug report to make it about UBSAN only, i.e. compiling and linking programs with -fsanitize=undefined.

Note that by default, UBSAN only displays an error message at runtime when a problem is detected, and then resumes execution.

Seth: are you aware of ways to check if a given binary has UBSAN enabled? Or is this something we should add to blhc instead of Lintian?

Jakub, does this make sense to you? Do you think this is enough to drop the moreinfo tag?

Cheers,
--
intrigeri
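One heuristic for the binary-level check asked about above, as an added example that is not part of the original message and not Lintian or blhc code: code built with -fsanitize=undefined calls runtime handlers named `__ubsan_handle_*`, which show up in the ELF symbol tables. It assumes binutils `readelf` is installed; the function names and sample listings are constructed for illustration.

```shell
#!/bin/sh
# Heuristic check for UBSan instrumentation in an ELF binary (added example).
# Instrumented code calls runtime handlers named __ubsan_handle_*; GCC builds
# usually also list a shared libubsan in their NEEDED entries.

# Constructed sample inputs (not taken from a real binary).
SAMPLE_SYMS='                 U __ubsan_handle_add_overflow
                 U __ubsan_handle_type_mismatch_v1
                 U __ubsan_handle_add_overflow
                 U printf'
SAMPLE_DYN=' 0x0000000000000001 (NEEDED)  Shared library: [libubsan.so.1]
 0x0000000000000001 (NEEDED)  Shared library: [libc.so.6]'

# stdin: symbol listing (nm or readelf -s). stdout: distinct handler names.
ubsan_handlers() {
    grep -o '__ubsan_handle_[A-Za-z0-9_]*' | sort -u
}

# stdin: `readelf -d` output. stdout: shared UBSan runtime name, if listed.
ubsan_runtime() {
    sed -n 's/.*(NEEDED).*\[\(libubsan\.so[^]]*\)].*/\1/p'
}

# Print findings for ELF file "$1"; return 0 only if handler symbols exist.
check_ubsan() {
    handlers=$(readelf -W -s "$1" 2>/dev/null | ubsan_handlers)
    runtime=$(readelf -W -d "$1" 2>/dev/null | ubsan_runtime)
    [ -n "$runtime" ] && echo "$1: links $runtime"
    if [ -n "$handlers" ]; then
        echo "$1: UBSan handlers referenced:"
        echo "$handlers" | sed 's/^/  /'
        return 0
    fi
    echo "$1: no __ubsan_handle_* symbols found"
    return 1
}

if [ $# -gt 0 ]; then
    check_ubsan "$1"
fi
```

A negative result is not proof of absence: builds that use -fsanitize-undefined-trap-on-error call no handlers, and a fully stripped binary with the runtime linked in statically may expose no symbol names.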