[OTR-dev] 4.0.0-rc3 ready to roll. Please try it out!
Ian Goldberg
ian at cypherpunks.ca
Mon Sep 3 19:31:13 EDT 2012
On Mon, Sep 03, 2012 at 06:40:08PM -0400, Greg Troxel wrote:
>
> Ian Goldberg <ian at cypherpunks.ca> writes:
>
> > OK, then I guess the thing to do is just to turn off hardening for that
> > build environment? [I believe the hardening is only actually enabled
> > when -O2 is on, regardless of whether the compiler options are specified
> > or not, so turning it to -O1 or -O0 will also turn off hardening, so you
> > may as well just turn off the hardening and leave it at -O2.]
>
> I was going to leave on SSP and use -O1, but if SSP really needs -O2, I
> might as well use -O2 and no SSP.
That's my understanding.
> I plan to just do that for all of
> pkgsrc to start; it doesn't seem that harmful (or -O1 didn't).
>
> There's still a tiny chance there's something sick going on where the
> code is buggy and with SSP things can be proved to always overwrite so
> it just returns, and thus the compiler is right. But I'll give that
> only 2 in 10^4, esp. since I'd expect an abort if SSP triggers.
If that were the case, I'd expect later versions of gcc to behave the
same way, though? Well, I guess not necessarily. But if gcc 4.1.3 is
_correctly_ optimizing away a good chunk of the whole function, then
something is wrong in the common case, and valgrind would have reported
it, I'd think?
- Ian
More information about the OTR-dev
mailing list