[PATCH] Adding diversity for security

Wed Jan 22 23:19:12 PST 2014

On Thu, Jan 23, 2014 at 1:09 AM, Julian Lettner <julian.lettner at gmail.com>wrote:

> Thanks for your comments, Alp.
> Regarding the static / global issue, I agree and I will try to take care
> of it.
>
> @Stephen, Andrei
> What are your opinionson un-seeded / non-deterministic compilation?
>
> PS: Our discussion does not get aggregated here:
> http://llvm-reviews.chandlerc.com/D1803
> Did I do something wrong? How can we change that?
>

Currently email is the system of reference, and phab is there to make it
easier for people like me, who like to have full context views for code
comments or dislike managing patch files on their local disk.
We could make the integration better with a few lines of PHP, but somebody
needs to step up to that, or I need a longer vacation :P

Cheers,
/Manuel

> On Wed, Jan 22, 2014 at 3:50 PM, Alp Toker <alp at nuanti.com> wrote:
>
>> Stephen,
>>
>> I've looked a bit closer at the clang patch.
>>
>> I don't understand why this is global:
>>
>>   llvm::RandomNumberGenerator::SetSalt(SaltString);
>>
>> LLVM and clang have a strict library design so this would be unreliable
>> for anything other than the simplest single-threaded sequential use modes.
>>
>> We're getting close to fixing the last remaining statics so it doesn't
>> seem right to introduce a new one.
>>
>> Alp.
>>
>>
>>
>>
>> On 22/01/2014 23:39, Alp Toker wrote:
>>
>>> On 22/01/2014 23:17, Stephen Crane wrote:
>>>
>>>> Here's the patch for LLVM: http://llvm-reviews.chandlerc.com/D1802 We
>>>> ended up basing the RNG on the already integrated implementation of MD5, to
>>>> avoid any external dependencies. We are really just waiting on review of
>>>> the LLVM patch now that Julian has modified a few things to take care of a
>>>> performance concern.
>>>>
>>>
>>> That sounds good.
>>>
>>> David Majnemer has already done preliminary review of the clang patch
>>> and it looks sane to me.
>>>
>>> It will additionally need user documentation explaining the purpose of
>>> the feature and noting that stability is not guaranteed between different
>>> revisions of the compiler, even with the same seed.
>>>
>>> It's my opinion that un-seeded / non-deterministic compilation shouldn't
>>> be supported at all. If that isn't the case already would it be reasonable
>>> change for you to accommodate?
>>>
>>> Apart from that, just blocked on the LLVM changes.
>>>
>>> Alp.
>>>
>>>
>>>
>>>
>>>> - stephen
>>>>
>>>>
>>>> On Wed, Jan 22, 2014 at 3:00 PM, Alp Toker <alp at nuanti.com <mailto:
>>>> alp at nuanti.com>> wrote:
>>>>
>>>>     The clang side looks fine, but there's very little context as to
>>>>     what's going on here so not possible to review it just like that.
>>>>
>>>>     The patch rebases to clang ToT fine but doesn't build due to
>>>>     missing RNG facilities in LLVM -- could you give a refresher of
>>>>     the status of that with a link? It's been long enough that not
>>>>     everyone remembers the discussion.
>>>>
>>>>     The last I remember of the discussion was that linking to OpenSSL
>>>>     can be painful, and it doesn't feel right as a dependency. What
>>>>     are the other options for pseudo RNG and could we have a simpler
>>>>     scheme?
>>>>
>>>>     That'll help get things moving.
>>>>
>>>>     Alp.
>>>>
>>>>
>>>>
>>>>     On 22/01/2014 21:48, Julian Lettner wrote:
>>>>
>>>>            Is there anything stopping this from going forward?
>>>>
>>>>         http://llvm-reviews.chandlerc.com/D1803
>>>>         _______________________________________________
>>>>         cfe-commits mailing list
>>>>         cfe-commits at cs.uiuc.edu <mailto:cfe-commits at cs.uiuc.edu>
>>>>         http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits
>>>>
>>>>
>>>>     --     http://www.nuanti.com
>>>>     the browser experts
>>>>
>>>>
>>>>
>>>
>> --
>> http://www.nuanti.com
>> the browser experts
>>
>>
>
> _______________________________________________
> cfe-commits mailing list
> cfe-commits at cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20140123/1bb38170/attachment.html>