Dailydave mailing list archives
Re: The value of knowing reverse engineering
From: Alexander Sotirov <asotirov () determina com>
Date: Tue, 21 Feb 2006 17:03:45 -0800
halvar () gmx de wrote:
now with all the discussion about GCC's security features, I can quip in a bit more than one line. Rolf and me are having long discussions after having had crazy problems with GCC's code generation over the time -- Rolf really wants to get rid of GCC for our products, and I can't blame him. The amusing thing is that I think that reverse engineers and developers are an almost disjoint set, because apparently developers just 'live' with broken code generation, and many RE's don't develop enough to notice broken compilers.
Hey Halvar, I've been following GCC development for a while, and I have the impression that they are pretty good about fixing wrong code generation bugs. From the discussions on the GCC mailing list it seems that these bugs usually get assigned highest priority and are resolved quickly. While developers are generally pretty clueless about assembly, I doubt that this applies to compiler developers. It takes a really good understanding of the architecture to write a good instruction scheduler or a peephole optimization pass. Can you give some examples of GCC bugs that you've encountered? Your observation about the value of development experience for a security researcher is very true. I would also add system administration and IT support experience to the list, especially if you are working on network security or penetration testing. It is much easier to break something when you know how you are supposed to use it first. Alex
Current thread:
- The value of knowing reverse engineering halvar (Feb 21)
- Re: The value of knowing reverse engineering Alexander Sotirov (Feb 22)
- Re: The value of knowing reverse engineering Matt Hargett (Feb 22)
- Re: The value of knowing reverse engineering Chad Loder (Feb 22)
- Re: The value of knowing reverse engineering Matt Hargett (Feb 23)
- Re: The value of knowing reverse engineering Chad Loder (Feb 23)
- Re: The value of knowing reverse engineering Matt Hargett (Feb 22)
- Re: The value of knowing reverse engineering Alexander Sotirov (Feb 22)