GNU GCC: Optimizer Removes Code Necessary for Security

From: Joseph Wagner (wagnerjd@prodigy.net)
Date: 11/16/02

Next message: security@caldera.com: "Security Update: [CSSA-2002-046.0] Linux: buffer overflows and other security issues in squid"

Previous message: Jonas Eriksson: "[tcpdump-announce] initial comments on trojan attack (fwd)"
Next in thread: Florian Weimer: "Re: GNU GCC: Optimizer Removes Code Necessary for Security"
Reply: Florian Weimer: "Re: GNU GCC: Optimizer Removes Code Necessary for Security"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 16 Nov 2002 10:04:44 -0000
From: Joseph Wagner <wagnerjd@prodigy.net>
To: bugtraq@securityfocus.com

('binary' encoding is not supported, stored as-is)

When optimizing code for "dead store removal" the optimizing compiler may
remove code necessary for security.

A programmer could erroneously think that his code is secure, even though
the securing code is removed from the compiled code.

For a full report, including a complete description of the bug, steps
necessary to reproduce the problem, a workaround, and sample code, go to:

Next message: security@caldera.com: "Security Update: [CSSA-2002-046.0] Linux: buffer overflows and other security issues in squid"
Previous message: Jonas Eriksson: "[tcpdump-announce] initial comments on trojan attack (fwd)"
Next in thread: Florian Weimer: "Re: GNU GCC: Optimizer Removes Code Necessary for Security"
Reply: Florian Weimer: "Re: GNU GCC: Optimizer Removes Code Necessary for Security"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]