[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Buffer overflow prevention

To: bugtraq@securityfocus.com
Subject: Re: Buffer overflow prevention
From: Peter Busser <peter@trusteddebian.org>
Date: Fri, 15 Aug 2003 10:32:14 +0200

Hi!

> >There is a flag for the Gnu C/C++ compilers, -fstack-protector, that will 
> >implement ProPolice stack protection.  It should prevent stack smashing 
> >techniques.
> >
> That is not actually in the standard GCC; it is in a forked GCC that 
> OpenBSD chooses to ship.

Adamantix and Gentoo Hardened also ship this patched GCC compiler.

> We (Immunix) are in the process of trying to make StackGuard (the 
> original) meet all of the criteria required for acceptance into GCC. At 
> the GCC Summit <http://www.gccsummit.org/2003/> in May, we presented a 
> StackGuard talk 
> <http://www.gccsummit.org/2003/view_abstract.php?talk=31> on that topic.

I would rather see Hiraoke Etoh's Stack Smashing Protector (aka ProPolice) as
standard stack-smashing protection mechanism in GCC than StackGuard.

Groetjes,
Peter Busser
-- 
The Adamantix Project
Taking trustworthy software out of the labs, and into the real world
http://www.adamantix.org/

References:
- Buffer overflow prevention
  - From: "Eygene A. Ryabinkin" <rea@rea.mbslab.kiae.ru>
- Re: Buffer overflow prevention
  - From: Patrick Dolan <dolan@cc.admin.unt.edu>
- Re: Buffer overflow prevention
  - From: Crispin Cowan <crispin@immunix.com>

Prev by Date: unix entropy source can be used for keystroke timing attacks
Next by Date: Re: PCL-0001: Remote Vulnerability in HORDE MTA < 2.2.4
Prev by thread: Re: Buffer overflow prevention
Next by thread: RE: Buffer overflow prevention
Index(es):
- Date
- Thread