mailing list archives
Re: Buffer overflow prevention
From: Peter Busser <peter () trusteddebian org>
Date: Fri, 15 Aug 2003 10:32:14 +0200
There is a flag for the Gnu C/C++ compilers, -fstack-protector, that will
implement ProPolice stack protection. It should prevent stack smashing
That is not actually in the standard GCC; it is in a forked GCC that
OpenBSD chooses to ship.
Adamantix and Gentoo Hardened also ship this patched GCC compiler.
We (Immunix) are in the process of trying to make StackGuard (the
original) meet all of the criteria required for acceptance into GCC. At
the GCC Summit <http://www.gccsummit.org/2003/> in May, we presented a
<http://www.gccsummit.org/2003/view_abstract.php?talk=31> on that topic.
I would rather see Hiraoke Etoh's Stack Smashing Protector (aka ProPolice) as
standard stack-smashing protection mechanism in GCC than StackGuard.
The Adamantix Project
Taking trustworthy software out of the labs, and into the real world
- Re: Buffer overflow prevention, (continued)