rawhide report: 20050710 changes
Arjan van de Ven
arjanv at redhat.com
Sun Jul 10 13:58:21 UTC 2005
On Sun, Jul 10, 2005 at 09:52:12AM -0400, Brian Gerst wrote:
>
> What exactly does it do?
it's a port to gcc4 of the "propolice" stuff;
it does 2 things
1) it sorts the variables on the stack with the goal of putting no critical
non-buffer variables after the buffer, so that overflows have less stuff
to scribble over.
2) It puts a canary on the stack (in some conditions), so that overwrites of
the function return address caused by buffer overflows need to also
overwrite the canary, which is then detected before the actual return
value is used. Result is that stack overflows get a lot trickier to
exploit since one would need to guess the value of the canary (which is
random and stored in per thread data) before a return address can be
successfully overwritten.
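An added illustration of the two points above, not code from the mailing list or from the ProPolice port: the protected frame is modelled as a struct in the layout the protector produces (buffer lowest, guard above it, saved return address above that), and the guard and return values are constructed constants rather than the per-thread random value a real build uses.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model of a ProPolice-protected frame. A real frame lives on the
 * machine stack; the same layout as a struct keeps the demonstration
 * well-defined. A write running past buf reaches canary before saved_ret. */
struct frame {
    char     buf[16];    /* the only array, so it is placed lowest */
    uint64_t canary;     /* guard value written in the prologue    */
    uint64_t saved_ret;  /* stand-in for the saved return address  */
};

/* Constructed constants; the real canary is random and read per thread. */
#define DEMO_CANARY 0x5a5aa5a55a5aa5a5ULL
#define DEMO_RET    0x0000000000400123ULL

/* Simulate one call whose body copies len bytes into buf without a bounds
 * check (the defect the protector targets), clamped so the model stays
 * well-defined. Leaves the frame as it looks when the epilogue runs. */
static void run_call(struct frame *f, size_t len)
{
    unsigned char input[sizeof *f];
    memset(input, 'A', sizeof input);   /* constructed oversized input */
    if (len > sizeof *f)
        len = sizeof *f;
    memset(f->buf, 0, sizeof f->buf);   /* prologue: clear the buffer... */
    f->canary    = DEMO_CANARY;         /* ...and store the guard value   */
    f->saved_ret = DEMO_RET;
    memcpy((unsigned char *)f + offsetof(struct frame, buf), input, len);
}

/* Epilogue check: 1 if the guard still matches, 0 where the protector would
 * abort the process before the return address is ever used. */
static int canary_intact(size_t len)
{
    struct frame f;
    run_call(&f, len);
    return f.canary == DEMO_CANARY;
}

/* 1 if the saved return address survived the copy of len bytes. */
static int ret_intact(size_t len)
{
    struct frame f;
    run_call(&f, len);
    return f.saved_ret == DEMO_RET;
}
```

A copy that fits the 16-byte buffer passes the check; one byte too many trips it while the return address is still untouched, and reaching the return address at all requires passing through the guard first.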