This is the mail archive of the
libc-help@sourceware.org
mailing list for the glibc project.
Re: inlining failed
- From: Nix <nix at esperi dot org dot uk>
- To: Petr Baudis <pasky at suse dot cz>
- Cc: "Carlos O'Donell" <carlos at systemhalted dot org>, Dominik Táborský <bremby at seznam dot cz>, libc-help at sourceware dot org
- Date: Thu, 04 Dec 2008 01:24:19 +0000
- Subject: Re: inlining failed
- References: <1227974019.24048.32.camel@eddy> <87wsemclqi.fsf@hades.wkstn.nix><119aab440811291304o2c929d3bw9fb3c05c2a814a6b@mail.gmail.com><87skpacjsb.fsf@hades.wkstn.nix><119aab440811291357h4689c400ka112d66b235154de@mail.gmail.com><87zljc21nx.fsf@hades.wkstn.nix> <20081204011157.GC7239@machine.or.cz>
On 4 Dec 2008, Petr Baudis verbalised:
>> Perhaps some distros will be interested in it.
>
> FWIW, I will certainly investigate this for future inclusion in SUSE,
Yay! If I improve the security of even one other person's machine this
patch has been worthwhile. (Nobody else has tested it yet, so I'd be
interested to know if it works for you, or doesn't of course.)
> I'm wondering what kind of so bad downsides does Ulrich see here - I
> wouldn't think the check would have noticeable effect on performance,
> though it should of course be measured...
I'd expect zero effect on performance unless you turned it on :) it is
of course off by default.
In any case, if you turn on something as notably expensive as the
stack-protector (benchmarked by others in the past as causing a 4%
slowdown on average), surely you're saying that you care more about
security than performance? Now that the kernel can be stack-protected
(on x86-64, at least) glibc is the last major component that couldn't be
protected on hardened distros. It would be a pity if it remained
unprotected forever...