[Ksummit-discuss] [TOPIC] kernel hardening / self-protection / whatever

Kees Cook keescook at chromium.org
Mon Jul 11 18:59:48 UTC 2016


On Mon, Jul 11, 2016 at 2:07 PM, Josh Triplett <josh at joshtriplett.org> wrote:
> On Mon, Jul 11, 2016 at 01:53:42PM -0400, Kees Cook wrote:
>> On Mon, Jul 11, 2016 at 12:28 AM, Andy Lutomirski <luto at amacapital.net> wrote:
>> > I don't know how much of this really needs an in-person meeting, but maybe
>> > some of it would benefit.
>>
>> Perhaps some discussion on new/interesting/better gcc plugins, as the
>> infrastructure and several good examples should have landed by then?
>
> I'd be interested in that as well.  One item for discussion: for some of
> the ideas proposed for implementation via GCC plugins, should the code
> rely on the plugin to provide functionality at compile time, or should
> the plugin identify places in the source that need editing and/or
> explicit annotation?  The former provides the possibility of removing
> annotations in favor of autodetection, which seems more maintainable;
> the latter provides the functionality even without the plugin.

If we can get the same results without gcc plugins, we should do that,
since I think it would be good to play nice with other compilers.

That said, not all things that the plugins do can be done natively by
gcc even with annotation. So, I think a hybrid approach is probably
best: warn about things that could be changed with annotation, but
make the changes too.

-Kees

-- 
Kees Cook
Chrome OS & Brillo Security

