Siddhesh Poyarekar's contributions
Security policies in open source software
Siddhesh Poyarekar
Explore the motivation behind the GNU toolchain project's new security policies and why more open source communities should adopt policies for their projects.
How to improve application security using _FORTIFY_SOURCE=3
Siddhesh Poyarekar
Discover how to improve application and library security at the source with the _FORTIFY_SOURCE macro defined to 3 and how it impacts performance.
GCC's new fortification level: The gains and costs
Siddhesh Poyarekar
Discover the gains and costs of GCC’s enhanced runtime buffer overflow protection. The level 3 _FORTIFY_SOURCE preprocessor macro may detect more buffer overflows, but there’s a cost.
Use compiler flags for stack protection in GCC and Clang
Serge Guelton +1
Stack-smashing attacks are common, but the GCC and Clang compilers have a number of flags that can help defend against them. Read on for more info.
Securing malloc in glibc: Why malloc hooks had to go
Siddhesh Poyarekar
Read how memory allocation hooks, or malloc hooks, were unsafe in multi-threaded environments and why they were removed from the GNU C Library, or glibc.
Mostly harmless: An account of pseudo-normal floating point numbers
Siddhesh Poyarekar
Pseudo-normal numbers represent a gap in floating point number classification in the long double format on Intel x86. Find out how glibc and GCC address it.
Broadening compiler checks for buffer overflows in _FORTIFY_SOURCE
Siddhesh Poyarekar
The GNU C Library's 2.33 release adds buffer overflow protection for C/C++ programs. Find out how _FORTIFY_SOURCE=3 improves overflow protection in glibc.
Malloc systemtap probes: an example
Siddhesh Poyarekar
One feedback I got from my blog post on Understanding malloc behavior using Systemtap userspace probes was that I should have included an example script to explain how this works. Well, better late than never, so here's an example script. This script prints some diagnostic information during a program run and also logs some information to print out a summary at the end. I'll go through the script a few related probes at a time. global sbrk, waits, arenalist, mmap_threshold...