musicale 2 days ago

I want an OS distro where all C code is compiled this way.

OpenBSD maybe? or a fork of CheriBSD?

macOS clang has supported -fbounds-safety for a while, but I'm not sure how extensively it is used.

kgeist 5 hours ago | parent | next [-]

Maybe this:

https://fil-c.org/pizlix

>Pizlix is LFS (Linux From Scratch) 12.2 with some added components, where userland is compiled with Fil-C. This means you get the most memory safe Linux-like OS currently available.

The author, @pizlonator, is active on HN.

hsaliak 4 hours ago | parent | next [-]

https://github.com/hsaliak/filc-bazel-template I created this recently to make it super easy to get started with fil-c projects. If you find it daunting to get started with the setup in the core distribution and want a 3-4 step approach to building a fil-c enabled binary, then try this.

functionmouse 5 hours ago | parent | prev [-]

hot dang that's neato. shame about the name, though.

wyldfire 7 hours ago | parent | prev | next [-]

You need to annotate your program with indications of what variable tracks the size of the allocation. So, sure, but first work on the packages in the distro.

Note that corresponding checks for C++ library containers can be enabled without modifying the source. Google measured some very small overhead (< 0.5% IIRC) so they turned it on in production. But I'd expect an OS distro to be mostly C.

[1] https://libcxx.llvm.org/Hardening.html
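An added example (not code from the thread or from any project mentioned in it) of the annotation requirement described above: the program has to say which variable holds the element count of a pointer. Under -fbounds-safety that is written with the `__counted_by(n)` annotation; the `<ptrcheck.h>` header and the `__has_feature(bounds_safety)` probe used here are assumptions about the toolchains that ship the feature. Outside such a toolchain the macro expands to nothing, and the explicit index checks in the accessors do by hand what the compiler would otherwise insert, so the file builds and runs with any C compiler.

```c
#include <stddef.h>
#include <stdlib.h>

/* Assumed: toolchains shipping -fbounds-safety expose the annotation via
 * <ptrcheck.h> and report it through __has_feature(bounds_safety).
 * Elsewhere COUNTED_BY expands to nothing. */
#ifndef __has_feature
#define __has_feature(x) 0
#endif
#if __has_feature(bounds_safety)
#include <ptrcheck.h>
#define COUNTED_BY(n) __counted_by(n)
#else
#define COUNTED_BY(n)
#endif

/* A heap buffer whose 'len' field is declared as the bound of 'data'.
 * Without the annotation a bare int* carries no length at all, which is
 * why the compiler cannot check it on its own. */
struct intbuf {
    size_t len;
    int *COUNTED_BY(len) data;
};

/* Range-checked element read: 0 on success, -1 on an out-of-bounds index.
 * With -fbounds-safety the check on b->data[i] is implicit and a violation
 * traps instead of returning an error code. */
int intbuf_get(const struct intbuf *b, size_t i, int *out)
{
    if (b == NULL || b->data == NULL || i >= b->len)
        return -1;
    *out = b->data[i];
    return 0;
}

/* Range-checked element write, same contract as intbuf_get. */
int intbuf_set(struct intbuf *b, size_t i, int v)
{
    if (b == NULL || b->data == NULL || i >= b->len)
        return -1;
    b->data[i] = v;
    return 0;
}

/* Sums the first 'count' elements of p. The caller passes the bound
 * explicitly and the parameter annotation ties the two together. */
long sum_counted(const int *COUNTED_BY(count) p, size_t count)
{
    long total = 0;
    for (size_t i = 0; i < count; i++)
        total += p[i];
    return total;
}

/* Allocates a buffer of n zeroed ints; NULL on allocation failure. */
struct intbuf *intbuf_new(size_t n)
{
    struct intbuf *b = malloc(sizeof *b);
    if (b == NULL)
        return NULL;
    b->data = calloc(n, sizeof *b->data);
    if (b->data == NULL && n != 0) {
        free(b);
        return NULL;
    }
    b->len = n;
    return b;
}

void intbuf_free(struct intbuf *b)
{
    if (b == NULL)
        return;
    free(b->data);
    free(b);
}

/* Writes indices 0..n inclusive into an n-element buffer and returns how
 * many writes were rejected: exactly the one off-by-one at index n.
 * Returns (size_t)-1 if the buffer could not be allocated. */
size_t count_rejected_offbyone(size_t n)
{
    struct intbuf *b = intbuf_new(n);
    if (b == NULL)
        return (size_t)-1;
    size_t rejected = 0;
    for (size_t i = 0; i <= n; i++) {
        if (intbuf_set(b, i, (int)i) != 0)
            rejected++;
    }
    intbuf_free(b);
    return rejected;
}

/* Stores v at index i of a fresh n-element buffer and reads it back;
 * returns the value read, or -1 if either access was out of range. */
int intbuf_roundtrip(size_t n, size_t i, int v)
{
    struct intbuf *b = intbuf_new(n);
    int out = -1;
    if (b == NULL)
        return -1;
    if (intbuf_set(b, i, v) != 0 || intbuf_get(b, i, &out) != 0)
        out = -1;
    intbuf_free(b);
    return out;
}
```

The same code also illustrates the point made later in the thread about `_FORTIFY_SOURCE`: that mechanism only checks libc calls such as `memcpy` or `strcpy` whose destination size the compiler can see, so a plain `b->data[i]` index is invisible to it, whereas the count annotation covers every access through the pointer.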

bombcar 7 hours ago | parent | prev | next [-]

Get gentoo, add this to CFLAGS and start fixing everything that breaks. Become a hero.

pjmlp 6 hours ago | parent | prev | next [-]

It is called Solaris, and has this enabled since 2015 on SPARC.

https://docs.oracle.com/en/operating-systems/solaris/oracle-...

salawat 3 hours ago | parent [-]

Might as well not even talk about anything with the Oracular kiss of death.

rbanffy 2 hours ago | parent | next [-]

Aren’t Illumos and OpenIndiana doing the same?

I still remember someone at Sun commenting that they treated warnings as errors. This is how software should be developed.

kbolino 2 hours ago | parent [-]

The feature is only on SPARC, not x86. Oracle killed in-house SPARC development in 2017, and they abandoned OpenSPARC after they acquired Sun, so it's effectively a dead architecture. The software won't work without the hardware to run it on.

pjmlp 2 hours ago | parent [-]

Fujitsu also does SPARC, and contrary to HP-UX, people still do buy Solaris.

EDIT:

https://www.oracle.com/servers/sparc/

https://www.fujitsu.com/global/products/computing/servers/un...

Finally, it is up to Intel and AMD to come up with hardware memory tagging; so far they have messed up all attempts, with MPX being the last short-lived one.

kbolino an hour ago | parent [-]

It's good info, and I wouldn't rush a migration off of SPARC systems if I was already using them, but slow death is still death. It was already worrying that workstations were killed off by Sun before the Oracle acquisition; it seems quite clear that no one has been serious about spreading adoption of the architecture for more than two decades now.

pjmlp 2 hours ago | parent | prev [-]

Not everyone suffers from Oracle phobia.

Some of us actually do read licenses before using products.

Also the FAANG are hardly any better only because they spew cool marketing stuff like do no evil.

2 hours ago | parent [-]

[deleted]

1over137 7 hours ago | parent | prev | next [-]

>I want an OS distro where all C code is compiled this way.

You first have to modify "all C code". It's not just a set and forget compiler flag.

prussian 6 hours ago | parent | prev | next [-]

Fedora and its kernels are built with GCC's _FORTIFY_SOURCE and I've seen modules crash for out of bounds reads.

dezgeg 6 hours ago | parent [-]

_FORTIFY_SOURCE is way smaller in scope (as in, closes less vulnerabilities) than -fbounds-safety.

groundzeros2015 6 hours ago | parent | prev | next [-]

What are you hoping it will achieve?

irishcoffee 6 hours ago | parent [-]

The internet went down because cloudflare used a bad config... a config parsed by a rust app.

One of these days the witch hunt against C will go away.

hypeatei 5 hours ago | parent | next [-]

The internet didn't go down and you're mischaracterizing it as a parsing issue when the list would've exceeded memory allocation limits. They didn't hardcode a fallback config for that case. What memory safety promise did Rust fail there exactly?

groundzeros2015 5 hours ago | parent [-]

I think the point is memory bugs are only one (small) subset of bugs.

Abstract_Typist an hour ago | parent [-]

The conventional wisdom is ~70% of serious security bugs are memory safety issues.

https://www.cisa.gov/sites/default/files/2023-12/CSAC_TAC_Re...

random_mutex 5 hours ago | parent | prev | next [-]

A panic in Rust is easier to diagnose and fix than some error or garbage data that was caused by an out of bounds access in some random place in the call stack.

wat10000 5 hours ago | parent | prev [-]

A service going down is a million times better than being exploited by an attacker. If this is a witch hunt then C is an actual witch.

pezgrande 7 hours ago | parent | prev [-]

Does any distro use clang? I thought all Linux kernels were compiled using gcc.

yjftsjthsd-h 3 hours ago | parent | next [-]

https://www.kernel.org/doc/html/latest/kbuild/llvm.html

> The Linux kernel has always traditionally been compiled with GNU toolchains such as GCC and binutils. Ongoing work has allowed for Clang and LLVM utilities to be used as viable substitutes. Distributions such as Android, ChromeOS, OpenMandriva, and Chimera Linux use Clang built kernels. Google’s and Meta’s datacenter fleets also run kernels built with Clang.

zmodem 6 hours ago | parent | prev | next [-]

Not a Linux distro, but FreeBSD uses Clang.

And Android uses Clang for its Linux kernel.

-fbounds-safety is not yet available in upstream Clang though:

> NOTE: This is a design document and the feature is not available for users yet.

honktime 5 hours ago | parent | prev [-]

Chimera does, it also has a FreeBSD userland AFAIU.

https://chimera-linux.org/