[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Enabling compiler warning flags

From: Russ Allbery
Subject: Re: Enabling compiler warning flags
Date: Thu, 20 Dec 2012 12:49:01 -0800
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/23.4 (gnu/linux)

Jeffrey Walton <address@hidden> writes:

> If a project does not observe proper preprocessor macros for a
> configuration, a project could fall victim to runtime assertions and
> actually DoS itself after the assert calls abort(). The ISC's DNS server
> comes to mind (confer: there are CVE's assigned for the errant behavior,
> and its happened more than once!

It's very rare for it to be sane to continue after an assert().  That
would normally mean a serious coding error on the part of the person who
wrote the assert().  The whole point of assert() is to establish
invariants which, if violated, would result in undefined behavior.
Continuing after an assert() could well lead to an even worse security
problem, such as a remote system compromise.

The purpose of the -DNDEBUG compile-time option is not to achieve
additional security by preventing a DoS, but rather to gain additional
*performance* by removing all the checks done via assert().  If your goal
is to favor security over performance, you never want to use -DNDEBUG.

Russ Allbery (address@hidden)             <>

reply via email to

[Prev in Thread] Current Thread [Next in Thread]