What's New in Fedora Core 5 Test2
Posted Jan 19, 2006 10:34 UTC (Thu) by nix
In reply to: What's New in Fedora Core 5 Test2
Parent article: What's New in Fedora Core 5 Test2
The old patch was called, variously, `SSP' and `ProPolice' at different times (and by different people? Its history is murky.)
`Assign a random and verifiable value to the stack' is a bad description. It populates a random `stack canary' from /dev/urandom at process initialization, then puts it at the top of the stack frame of all functions containing a char array above a certain size (or, with -fstack-protector-all, any function containing a char array); it also reorders the stack frame to ensure that parameters also appear on one side of the canary, while the function return address is on the other side of it. The effect is to ensure that buffer overruns that smash the return address will always smash the canary too, making `return-into-libc' attacks and many other classes of buffer overrun much harder.
(The only downside is that this drains /dev/urandom's entropy pool. Gentoo at least has a patch that creates a /dev/frandom device that is seeded just once from the entropy pool and then becomes a normal PRNG, and a patch to SSP that uses it, but the frandom patch was rejected from the kernel tree on the basis that some daemon could equally well do the job. It could: but that would stop you from using it in SSP...)
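As an added illustration of the frame reordering nix describes, not code from the comment, from Fedora, or from the SSP/ProPolice patch: a constructed model frame with the char array below a guard word and a stand-in return address above it, showing that any overrun long enough to reach the return address has already changed the canary. The struct layout, the canary and marker values, and the function names are assumptions made for the demo.

```c
#include <stdint.h>
#include <string.h>

/* Constructed model of the frame layout nix describes (not the compiler's real
   layout): char array lowest, canary directly above it, return address above that. */
struct frame {
    char     buf[16];    /* local char array where the overrun starts */
    uint64_t canary;     /* guard word copied from the per-process canary */
    uint64_t saved_ret;  /* stand-in for the function's return address */
};
#define CANARY_SMASHED 1u  /* guard word no longer matches */
#define RET_CLOBBERED  2u  /* "return address" was overwritten */

/* Fixed constructed values; real SSP fills the canary from /dev/urandom. */
static const uint64_t process_canary = 0x1bad5eedcafe0001ULL;
static const uint64_t ret_marker     = 0x000000004000beefULL;

/* Copy len bytes into the frame starting at buf, as an unchecked strcpy() into a
   local array spills past its end (clamped to the model frame so the demo stays
   memory-safe). Returns CANARY_SMASHED / RET_CLOBBERED bits: what the compiler's
   epilogue check observes before the function returns. */
unsigned run_frame(const unsigned char *input, size_t len)
{
    struct frame f;
    unsigned result = 0;
    f.canary    = process_canary;
    f.saved_ret = ret_marker;
    if (len > sizeof f)
        len = sizeof f;
    memcpy(&f, input, len);   /* bytes land in buf, then canary, then saved_ret */
    if (f.canary != process_canary)
        result |= CANARY_SMASHED;
    if (f.saved_ret != ret_marker)
        result |= RET_CLOBBERED;
    return result;
}

/* The property the reordering buys: for every overrun length up to the whole
   frame, reaching the return address implies the canary was smashed too.
   Returns 1 if that holds for all lengths, 0 otherwise. */
int canary_guards_return(void)
{
    unsigned char fill[sizeof(struct frame)];
    memset(fill, 'A', sizeof fill);   /* constructed overrun payload */
    for (size_t len = 0; len <= sizeof fill; len++) {
        unsigned r = run_frame(fill, len);
        if ((r & RET_CLOBBERED) && !(r & CANARY_SMASHED))
            return 0;
    }
    return 1;
}
```

With a real compiler, -fstack-protector inserts the same compare into the function epilogue and calls __stack_chk_fail on a mismatch instead of returning.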