> On Sat, Aug 29, 2015 at 05:02:33PM -0600, Theo de Raadt wrote:
> > It really does not matter. Coder's choice. The result is the same.
> > You could hunt them all down, change them all, save a few code bytes,
> > but don't you dare introduce any bugs...
>
> The main function is called by crt0 like
>     exit(main(argc, argv, envp));
>
> Which means that "return 0;" and "exit(0);" in main lead to the same
> result.
>
> But there is a subtle difference.
>
> If main calls exit, its own stack protector will never be validated,
> which means that a previous overflow of main's stack is not spotted.
> "return" on the other hand would trigger the machine code to check.
>
> I would prefer a proper return. Who knows if we spot an issue? But on
> the other hand, take Theo's statement into consideration:
>
> > but don't you dare introduce any bugs...

So it might be nice if a team of 2-3 people try to do all of userland, then work with us to get them in.
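
The return-versus-exit difference described in the quoted message, as an added example that is not part of the original thread: a simplified model in which a hand-written guard word stands in for the compiler's stack protector. The names `frame`, `GUARD`, `result` and `model_main` are assumptions made for illustration, and the 20-byte input is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Constructed guard value; a real stack protector uses a random per-process value. */
#define GUARD 0x5a5aa5a5UL

/* Hypothetical layout of main's frame: the guard sits just above the local buffer. */
struct frame {
    char buf[16];
    unsigned long guard;
};

struct result {
    int guard_damaged;   /* did the copy run past buf into the guard? */
    int detected;        /* did anything notice before the process ended? */
};

enum leave { LEAVE_RETURN, LEAVE_EXIT };

/* Model of main(): the prologue stores the guard, the body does an unchecked
 * copy, and only the return path runs the epilogue that compares the guard. */
struct result model_main(const char *input, size_t n, enum leave how)
{
    struct frame f;
    struct result r = {0, 0};

    memset(&f, 0, sizeof f);
    f.guard = GUARD;                      /* prologue */

    if (n > sizeof f)                     /* keep the model itself in bounds */
        n = sizeof f;
    memcpy((char *)&f, input, n);         /* body: copy that ignores sizeof f.buf */

    r.guard_damaged = (f.guard != GUARD);
    if (how == LEAVE_EXIT)
        return r;                         /* exit(0): epilogue is skipped */
    r.detected = r.guard_damaged;         /* return 0: epilogue checks the guard */
    return r;
}

int main(void)
{
    const char big[] = "AAAAAAAAAAAAAAAAAAAA";   /* constructed 20-byte input */
    struct result a = model_main(big, 20, LEAVE_RETURN);
    struct result b = model_main(big, 20, LEAVE_EXIT);
    printf("return: damaged=%d detected=%d\n", a.guard_damaged, a.detected);
    printf("exit:   damaged=%d detected=%d\n", b.guard_damaged, b.detected);
    return 0;
}
```

In the model both paths damage the guard identically; only the return path reports it, which is the case the quoted message argues for.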