> There is already such a project under development: see
>
> http://gcc.gnu.org/projects/bp/main.html
>
> This is a modification to gcc that implements pointers as triples.
> While there is a performance penalty for doing this, it can completely
> eliminate the problem of exploitable buffer overflows. However, programs
> that violate the rules of ISO C by generating out-of-range pointers will
> fail.
What will it do if I cast a pointer to unsigned long? Or if I cast an
unsigned long to a pointer? The kernel does both of these things, and
in a lot of places.
Part of my beef with what gcc-3 is doing is that I take a pointer,
cast it to unsigned long, do something to it, cast it back to a
pointer, and gcc _still_ thinks it's knows what I am doing. It
doesn't.
Paul.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/