[pkg-fso-maint] Bug#766114: Bug#766114: Aw: Re: Bug#766114: Bug#766114: fso-deviced: uninstallable in i386/amd64/armhf

David Derby reportbug at dderby.com
Sat Dec 13 04:54:22 UTC 2014

 > So I think I will enable "-fno-stack-protector" in the package
 > for now.


I'm quite concerned about this fix.  Were you able to determine 100% 
that the problem was caused a bug in the stack protector?  If not, this 
should be regarded as a genuine buffer overflow and disabling the stack 
protector is not the correct solution.  This could be a serious 
vulnerability especially given that fso-deviced runs as root.  You 
mentioned that building without -O2 works so it could well be a bug in 
the optimiser.  A safer solution would be to reduce the optimisation 
level to -O1 but if that still causes a buffer overflow then the 
optimiser should be disabled completely.



More information about the pkg-fso-maint mailing list