Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Buffer overflow prevention
From: Anil Madhavapeddy <anil () recoil org>
Date: Tue, 19 Aug 2003 17:17:46 +0100

On Mon, Aug 18, 2003 at 11:38:46PM -0700, Crispin Cowan wrote:

ProPolice does not protect functions containing arrays of length 7 or 
less. We don't know what other cases exist in which ProPolice fails to 
protect. This kind of risk exists precisely because of the design choice 
that gives ProPolice its multi-architecture capability: putting the 
protection way up high in the compiler. This creates the potential for 
later stages of GCC to optimize away the security checks, or move them 
so far away from relevant code that they are no longer effective. When 
you choose ProPolice, you choose CPU portability over security.

You're correct that OpenBSD/ProPolice does not protect buffers of length 7
or less, but your analysis appears to be completely wrong.

It's just a simple #define SUSPICIOUS_BUF_SIZE, and looks to be there for
performance reasons.  If you run with -Wstack-protector, PP will warn
explicitly when it skips a too-small buffer.  If you are feeling particularly
paranoid and don't mind the performance hit, just crank the define down
and recompile GCC.

It certainly isn't gcc optimising away the checks, or anything to do with

Anil Madhavapeddy                                   http://anil.recoil.org
University of Cambridge                            http://www.cl.cam.ac.uk

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]