On Wed, Mar 5, 2008 at 10:43 PM, Joe Buck <[EMAIL PROTECTED]> wrote: > > On Wed, Mar 05, 2008 at 01:34:14PM -0800, H. Peter Anvin wrote: > > Richard Guenther wrote: > > > > > >We didn't yet run into this issue and build openSUSE with 4.3 since more > > >than > > >three month. > > > > > > > Well, how often do you take a trap inside an overlapping memmove()? > > Also, would it be possible to produce an exploit? If you can get string > instructions to work "the wrong way", you might be able to overwrite data. > > "We haven't seen a problem" isn't the right answer. Can someone > deliberately *create* a problem? > > And if we aren't sure, we should err on the side of safety.
Oh, you mean releasing a kernel security update? ;) What does ICC or other compilers do? Richard.
