| Date: Sat, 24 Jun 2006 19:04:19 +0100 (IST)
| From: paul at clubi.ie
|
|[... gcc's SSP (also called "ProPolice") is ] simply the insertion
| of guard values in the frame 'preamble' to protect the return address
| by overflow of variables local to the frame - by having the compiler
| emit code to check the guard is still valid when returning from a
| function.
and the rearrangement of local (auto) variables,
and the duplication of certain parameters; see
http://www.trl.ibm.com/projects/security/ssp/
or (horribly long url)
https://buildsecurityin.us-cert.gov/daisy/bsi/articles/knowledge/coding/310.html?branch=1&language=1
| (Note that if the guard is a well-known value, and the attacker can
| inject full values (rather than say, ASCII restricted ones), the
| attacker can defeat SSP easily. I guess though compilers can easily
| randomise the guard value somewhat on a per-object file basis.).
yes. the value, sometimes called a canary, is
nominally random (per execution, not per compile),
albeit there is a fixed fallback.
cheers!
-blf-
--
Experienced (20+ yrs) kernel/software Eng: | Brian Foster Montpellier,
• Unix, embedded, &tc; • Linux; • doc; | blf at utvinternet.ie FRANCE
• IDL, automated testing, process, &tc. | Stop E$$o (ExxonMobile)!
Résumé (CV) http://www.blf.utvinternet.ie | http://www.stopesso.com
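An added illustration of the guard check discussed in this thread (not code from either poster, from gcc, or from ProPolice): a frame modelled as a flat byte array, showing that a well-known guard can simply be rewritten by an attacker who injects full values, while a per-execution random guard is caught. The frame layout, `FIXED_GUARD` and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed model layout: 16-byte local buffer, 8-byte guard, 8-byte return address. */
enum { BUF = 0, GUARD = 16, RET = 24, FRAME = 32 };

/* Constructed stand-in for a well-known guard; not gcc's actual fallback value. */
#define FIXED_GUARD 0xff0a0000ULL

/* Guard chosen once per execution from an entropy source, with a fixed fallback. */
uint64_t pick_guard(const char *entropy_path)
{
    uint64_t g = FIXED_GUARD;
    FILE *fp = fopen(entropy_path, "rb");
    if (fp) {
        if (fread(&g, sizeof g, 1, fp) != 1)
            g = FIXED_GUARD;            /* short read: use the fallback */
        fclose(fp);
    }
    return g;
}

/* Returns 1 if the epilogue check catches the overwrite, 0 if it goes unnoticed. */
int overwrite_detected(uint64_t guard, uint64_t guess)
{
    unsigned char f[FRAME], in[FRAME];
    uint64_t ret = 0x1111, new_ret = 0x2222;

    memset(f, 0, sizeof f);
    memcpy(f + GUARD, &guard, 8);       /* prologue: guard sits below the return address */
    memcpy(f + RET, &ret, 8);

    memset(in, 'A', GUARD);             /* oversized input: filler, guessed guard, new return */
    memcpy(in + GUARD, &guess, 8);
    memcpy(in + RET, &new_ret, 8);
    memcpy(f + BUF, in, FRAME);         /* unchecked copy into the 16-byte local */

    return memcmp(f + GUARD, &guard, 8) != 0;   /* epilogue: is the guard still valid? */
}

int main(void)
{
    uint64_t g = pick_guard("/dev/urandom");
    printf("known fixed guard:    detected=%d\n", overwrite_detected(FIXED_GUARD, FIXED_GUARD));
    printf("per-execution random: detected=%d\n", overwrite_detected(g, FIXED_GUARD));
    printf("no entropy, fallback is fixed: %d\n", pick_guard("/nonexistent/entropy") == FIXED_GUARD);
    return 0;
}
```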