On Wed, Mar 05, 2008 at 03:21:43PM -0800, David Daney wrote: > Olivier Galibert wrote: > >On Wed, Mar 05, 2008 at 10:43:33PM +0100, Michael Matz wrote: > >>FWIW I don't think it's a release blocker for 4.3.0. The error is arcane > >>and happens seldomly if at all. And only on unfixed kernels. A program > >>needs to do std explicitely, which most don't do _and_ get hit by a > >>signal while begin in a std region. This happens so seldom that it > >>didn't occur in building the next openSuSE 11.0, and it continually > >>builds packages with 4.3 since months. > > > >How would you know whether it has happened? > > > > The same way you do with other bugs: You would observe unexpected behavior. > > In this case probably either corrupted memory or a SIGSEGV.
So that probably means the programs you use for compiling packages probably aren't hit. Doesn't mean the packages you've compiled with it aren't hit. Compiling packages doesn't test what's in them at all. It's extremely rare, no doubt about it. It's just that it *yells* security issue in the making. It's not a source bug, i.e. not easily reviewable. It's related to signal handlers which are the mark of a server and/or more failure-conscious program than usual. It's obscure (breaking a stringop, probably memset, or a not-paranoid-enough inline asm in a signal handler through a running memmove in the main program, oh my) but reasonably predictable for someone looking for an exploitable flaw. It's gcc's job to adapt to the realities of its running environment, not the other way around. OG.
