[pkg-fso-maint] Bug#766114: Bug#766114: Aw: Re: Bug#766114: Bug#766114: fso-deviced: uninstallable in i386/amd64/armhf

David Derby reportbug at dderby.com
Sat Dec 13 04:54:22 UTC 2014


 > So I think I will enable "-fno-stack-protector" in the package
 > for now.

Hi,

I'm quite concerned about this fix.  Were you able to determine 100% 
that the problem was caused by a bug in the stack protector?  If not, this 
should be regarded as a genuine buffer overflow and disabling the stack 
protector is not the correct solution.  This could be a serious 
vulnerability especially given that fso-deviced runs as root.  You 
mentioned that building without -O2 works so it could well be a bug in 
the optimiser.  A safer solution would be to reduce the optimisation 
level to -O1 but if that still causes a buffer overflow then the 
optimiser should be disabled completely.

Thanks,

David


