mailing list archives
Re: Buffer overflow prevention
From: Anil Madhavapeddy <anil () recoil org>
Date: Tue, 19 Aug 2003 17:17:46 +0100
On Mon, Aug 18, 2003 at 11:38:46PM -0700, Crispin Cowan wrote:
ProPolice does not protect functions containing arrays of length 7 or
less. We don't know what other cases exist in which ProPolice fails to
protect. This kind of risk exists precisely because of the design choice
that gives ProPolice its multi-architecture capability: putting the
protection way up high in the compiler. This creates the potential for
later stages of GCC to optimize away the security checks, or move them
so far away from relevant code that they are no longer effective. When
you choose ProPolice, you choose CPU portability over security.
You're correct that OpenBSD/ProPolice does not protect buffers of length 7
or less, but your analysis appears to be completely wrong.
It's just a simple #define SUSPICIOUS_BUF_SIZE, and looks to be there for
performance reasons. If you run with -Wstack-protector, PP will warn
explicitly when it skips a too-small buffer. If you are feeling particularly
paranoid and don't mind the performance hit, just crank the define down
and recompile GCC.
It certainly isn't gcc optimising away the checks, or anything to do with
Anil Madhavapeddy http://anil.recoil.org
University of Cambridge http://www.cl.cam.ac.uk
- Re: Buffer overflow prevention, (continued)