Kees Cook <k...@debian.org> writes: > Speaking to the false positives problem, I've discussed with some people > the idea of having build flags be included in some sort of ELF > comment-like area that can be examined. That way it's becomes trivial to > answer "how was this built?" and all these crapy heuristic checks that > get thrown away. In the mean time, I'll continue to work on the crappy > heuristic checks. ;)
That sounds complicated, since there are separate compiler flags for every object (which may not match) and then the linker flags used to assemble the final executable or shared object. Does ELF give you object-specific comment areas? It sounds like it would need patches to both the compiler and the linker. -- Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/878vjjilxc....@windlord.stanford.edu
