|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Crispin Cowan (crispin
wirex.com)Date: Wed Feb 20 2002 - 04:16:41 CST
Mariusz Woloszyn wrote:
>On Tue, 19 Feb 2002, Crispin Cowan wrote:
>
>>>Have anybody seen this:
>>>http://www.trl.ibm.com/projects/security/ssp/
>>>
>>>There is some kind of stack protector for gcc 3.0 and 2.95.
>>>I just found it, so no conclusion, but there is no StackGuard version of
>>>gcc 3.0.
>>>
>>We (i.e. Perry) checked it out back in September 2001, and found it to
>>be horribly broken. We were considering using it for a basis for
>>StackGuard 3.0, but gave it up as a lost cause.
>>
>What exactly is broken there??? They even provide a HOWTO recompile whole
>RedHat distro.
>
Perry did some testing. At least one problem found that it was trivial
to write a test program that ProPolice *said* was protected, but the
code generator did not actually insert the canary code. I think he
complained about several other forms of broken code generation, but I no
longer recall the details.
Crispin
-- Crispin Cowan, Ph.D. Chief Scientist, WireX Communications, Inc. http://wirex.com Security Hardened Linux Distribution: http://immunix.org Available for purchase: http://wirex.com/Products/Immunix/purchase.htmlThe Olympic Games: A Century of Corruption and Graft The FIS: Crushing the soul of snowboarding
_______________________________________________ Immunix-users mailing list Immunix-users
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]