Re: [Xen-devel] [PATCH 1/3] Add support for OpenBSD

[Anil Madhavapeddy <anil@xxxxxxxxxx>]

On 18 Oct 2006, at 08:57, Christoph Egger wrote:

> On Thursday 19 October 2006 09:41, Keir Fraser wrote:
> > On 18/10/06 8:25 am, "Christoph Egger" <Christoph.Egger@xxxxxxx>  
> > wrote:
> > > > We have that already in arch/x86/Rules.mk. If that was working,  
> > > > I doubt
> > > > Christoph would have gone to the trouble of hacking up the SSP  
> > > > goop.
> > > I did this work in August. There wasn't anything SSP-related  
> > > there. So
> > > without SSP support, I got into linking errors.
> > > Now that the work is done, why shouldn't it go in?
> > Uncertainty about new compiler-assisted stuff that I don't believe  
> > will
> > catch any bugs in Xen. Linux guys have clearly reached the same  
> > conclusion.
> > Given we even turn off frame pointers in non-debug builds, is it  
> > likely
> > we'll take this? :-)
> Linux guys also came to the conclusion, kernel debuggers are useless
> to catch any bugs. On the other side, how many use the kgdb patch?
> So, even if my SSP patch won't go in, how many will use it?
> Hmm... now I feel, this ends up in a debate on principles. :-)
There is also the small  matter of filling up the init_guard with  
random values, and not hard-coded ones ... in its current state it  
doesn't actually add any security in Xen with regards to malicious  
activity (although it would catch some accidental stack overflows,  
but as Keir says the use of the stack in this way is fairly rare in  
Xen itself).
-anil



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel