[PATCH] 2013/10/15 Security Errata: HotSpot Changes
Omair Majid
omajid at redhat.com
Tue Nov 26 10:26:02 PST 2013
* Andrew <gnu.andrew at redhat.com> [2013-11-25 07:05]:
> > >
> > > Updated (more clean) typo webrev based on changeset [9] -
> > > http://cr.openjdk.java.net/~akasko/jdk6/webrev_hotspot_makefile_typo.01/
> > >
>
> I think the original patch was preferable; this revised version would add the flag
> on archs other than x86 AFAICS.
Not sure what other architectures the Windows builds work on, but yeah,
I prefer the older version too.
> > > Separate webrev for safeseh flag remove -
> > > http://cr.openjdk.java.net/~akasko/jdk6/webrev_hotspot_sa_safeseh_disabled.00/
> > >
> > > It is actually the rollback of this change [10] from initial patch.
> > >
>
> This essentially removes the security fix for the serviceability agent.
> I'm not sure whether that's wise. On the other hand, this issue (8015614)
> doesn't have a CVE number, so it's just a defense-in-depth fix, ensuring all
> libraries have safe exception handler tables AFAICS.
>
> http://msdn.microsoft.com/en-us/library/9a89h429(v=vs.110).aspx
>
> As far as I can tell, the build issue arises because something is being linked
> against that doesn't have SEH tables. From what I've read, without the flag,
> the files being built will still have SEH tables if possible, but it can't
> guarantee it.
>
> Omair, what are your thoughts?
I prefer removing /SAFESEH (since it should be implicit already). Adding
it is a DID fix, and the 'fix' is breaking builds.
Thanks,
Omair
--
PGP Key: 66484681 (http://pgp.mit.edu/)
Fingerprint = F072 555B 0A17 3957 4E95 0056 F286 F14F 6648 4681
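
The thread notes that without /SAFESEH the linker cannot guarantee an image ends up with a safe exception handler table, so the built 32-bit binaries can be checked directly. The following is an added example, not code from this thread or from OpenJDK; `safeseh_status` and `build_sample` are hypothetical names, and the sample image is constructed for the demo.

```python
import struct

def safeseh_status(pe: bytes) -> str:
    """Return 'safeseh', 'no-seh', 'no-table' or 'not-x86' for a PE image."""
    if pe[:2] != b"MZ" or len(pe) < 0x40:
        raise ValueError("not a PE image")
    coff = struct.unpack_from("<I", pe, 0x3C)[0] + 4   # e_lfanew, skip signature
    if pe[coff - 4:coff] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, coff)
    opt = coff + 20
    if machine != 0x014C or struct.unpack_from("<H", pe, opt)[0] != 0x10B:
        return "not-x86"                 # SafeSEH only exists for 32-bit x86
    if struct.unpack_from("<H", pe, opt + 70)[0] & 0x0400:
        return "no-seh"                  # IMAGE_DLLCHARACTERISTICS_NO_SEH
    if struct.unpack_from("<I", pe, opt + 92)[0] <= 10:
        return "no-table"                # no load-config data directory slot
    cfg_rva = struct.unpack_from("<I", pe, opt + 96 + 10 * 8)[0]
    sec = opt + opt_size                 # section table follows optional header
    for i in range(nsec):
        vsize, vaddr, rsize, rptr = struct.unpack_from("<IIII", pe, sec + 40 * i + 8)
        if cfg_rva and vaddr <= cfg_rva < vaddr + max(vsize, rsize):
            off = cfg_rva - vaddr + rptr # RVA -> file offset
            if struct.unpack_from("<I", pe, off)[0] < 72:
                break                    # structure too short to hold SEH fields
            table, count = struct.unpack_from("<II", pe, off + 64)
            return "safeseh" if table and count else "no-table"
    return "no-table"

def build_sample(table_va=0x401000, count=1, dll_chars=0) -> bytes:
    """Constructed minimal PE32 layout for the demo (not a loadable binary)."""
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)              # PE32 magic
    struct.pack_into("<H", opt, 70, dll_chars)         # DllCharacteristics
    struct.pack_into("<I", opt, 92, 16)                # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 80, 0x1000, 64)  # load-config directory
    sect = b".rdata\0\0" + struct.pack("<IIII", 72, 0x1000, 0x200, 0x200) + bytes(16)
    hdr = (dos + b"PE\0\0" + coff + bytes(opt) + sect).ljust(0x200, b"\0")
    cfg = bytearray(72)                                # IMAGE_LOAD_CONFIG_DIRECTORY32
    struct.pack_into("<I", cfg, 0, 72)                 # Size
    struct.pack_into("<II", cfg, 64, table_va, count)  # SEHandlerTable, SEHandlerCount
    return hdr + bytes(cfg).ljust(0x200, b"\0")

if __name__ == "__main__":
    print(safeseh_status(build_sample()), safeseh_status(build_sample(count=0)))
```

Run over every 32-bit DLL and EXE a build produces, a result of `no-table` identifies the images that would need /SAFESEH (or a rebuilt dependency) to get a handler table.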