|
|
Log in / Subscribe / Register

"Strong" stack protection for GCC

"Strong" stack protection for GCC

Posted Feb 13, 2014 20:59 UTC (Thu) by fw (subscriber, #26023)
In reply to: "Strong" stack protection for GCC by jtc
Parent article: "Strong" stack protection for GCC

There are cases where a buffer overflow is exploitable even without overwriting addresses and redirecting execution. A good example is CVE-2001-0797, where you could overwrite the variable which indicated that the user has authenticated successfully.

to post comments

"Strong" stack protection for GCC

Posted Jun 15, 2014 9:03 UTC (Sun) by mina86 (guest, #68442) [Link]

Another thing that -fstack-protector does is rearrange local variables so that arrays start at higher addresses than non-array variables. I haven't found specifics of CVE-2001-0797, but presumably it would solve the problem.


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds