On Tue, Oct 15, 2013 at 12:42:44PM -0400, Carlos O'Donell wrote:
> On 10/14/2013 10:55 AM, Matthew Garrett wrote:
> > Did the arm32 portions of this end up being completed for F20?
>
> For 32-bit ARM on f20:
> - Stack guard:
>   - Existing glibc support provides stack guard value in global
>     variable and is used by existing runtime. Regression tests are
>     passing in glibc testsuite. Verified working. Upstream verified
>     that global variable is the best compromise for performance across
>     all 32-bit ARM targets (TLS will be too slow in the average case).

What's the effective difference in security between this and the
existing ports?

> - Pointer mangling:
>   - Not supported.

Do we ship it in the x86 ports?

> Upstream glibc 2.19 summary:
> - Stack guard support already present using global variable.
> - Will have pointer encryption support using global variable,
>   and could be a candidate for backport to f20.

Cool. This is a runtime change, right? There's no requirement for a
rebuild to take advantage of it?

> Do we need pointer mangling? If so then we need someone to file an
> f20 specific bug so the glibc team can look at backporting the fix.
> I won't commit to it until I review exactly what might need changing.

The aim was for parity of important features, but it doesn't seem like
we've ever advertised pointer guard as a Fedora feature so I'm not
personally that worried.
--
Matthew Garrett | mjg59(a)srcf.ucam.org