MIT discovered issue with gcc
[Posted December 4, 2013 by jake]
From: Andrew McGlashan <andrew.mcglashan-AT-affinityvision.com.au>
To: debian-security-AT-lists.debian.org, debian-user <debian-user-AT-lists.debian.org>
Subject: MIT discovered issue with gcc
Date: Sat, 23 Nov 2013 12:30:10 +1100
Message-ID: <52900522.9040507@affinityvision.com.au>
Hi,
I understand that Debian has a bunch of vulnerabilities as described in
the following PDF.
http://pdos.csail.mit.edu/~xi/papers/stack-sosp13.pdf
Just a small quote:
"This paper presents the first systematic approach for
reasoning about and detecting unstable code. We implement
this approach in a static checker called Stack, and
use it to show that unstable code is present in a wide
range of systems software, including the Linux kernel and
the Postgres database. We estimate that unstable code
exists in 40% of the 8,575 Debian Wheezy packages that
contain C/C++ code. We also show that compilers are
increasingly taking advantage of undefined behavior for
optimizations, leading to more vulnerabilities related to
unstable code."
This looks very serious indeed, but a quick search of Debian mailing
lists didn't show anything being acknowledged for this issue... should
Debian users be concerned?
--
Kind Regards
AndrewM
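
For readers unfamiliar with the term in the quoted abstract, the following is an added example (not part of the original message, and not code from the paper or from Debian) of a bounds check that depends on undefined behavior next to a well-defined equivalent. All function names and the sample buffer are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Unstable form (hypothetical helper). The second test relies on buf + len
 * wrapping around for huge len. Forming a pointer outside the object is
 * undefined behavior, so an optimizer may treat "buf + len < buf" as always
 * false and delete it, leaving only the first test. */
int in_bounds_unstable(const char *buf, const char *buf_end, size_t len)
{
    if (buf + len >= buf_end)
        return 0;
    if (buf + len < buf)        /* candidate for removal by the compiler */
        return 0;
    return 1;
}

/* Well-defined form: compare len with the space that remains. No pointer
 * outside [buf, buf_end] is ever formed. Requires buf <= buf_end. */
int in_bounds_stable(const char *buf, const char *buf_end, size_t len)
{
    return len < (size_t)(buf_end - buf);
}

static char sample[16];         /* constructed sample buffer */

int demo_stable(size_t len)
{
    return in_bounds_stable(sample, sample + sizeof sample, len);
}

/* Call only with len <= sizeof sample: larger values are undefined here. */
int demo_unstable(size_t len)
{
    return in_bounds_unstable(sample, sample + sizeof sample, len);
}

int main(void)
{
    printf("stable   len=4        -> %d\n", demo_stable(4));
    printf("stable   len=16       -> %d\n", demo_stable(16));
    printf("stable   len=SIZE_MAX -> %d\n", demo_stable(SIZE_MAX));
    printf("unstable len=4        -> %d\n", demo_unstable(4));
    return 0;
}
```

Both forms agree on in-range lengths; only the stable form has a defined result when len is large enough that buf + len would leave the buffer.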