Open Source and information security mailing list archives
 
Date: Fri, 15 Aug 2003 10:32:14 +0200
From: Peter Busser <peter@...steddebian.org>
To: bugtraq@...urityfocus.com
Subject: Re: Buffer overflow prevention


Hi!

> >There is a flag for the Gnu C/C++ compilers, -fstack-protector, that will 
> >implement ProPolice stack protection.  It should prevent stack smashing 
> >techniques.
> >
> That is not actually in the standard GCC; it is in a forked GCC that 
> OpenBSD chooses to ship.

Adamantix and Gentoo Hardened also ship this patched GCC compiler.

> We (Immunix) are in the process of trying to make StackGuard (the 
> original) meet all of the criteria required for acceptance into GCC. At 
> the GCC Summit <http://www.gccsummit.org/2003/> in May, we presented a 
> StackGuard talk 
> <http://www.gccsummit.org/2003/view_abstract.php?talk=31> on that topic.

I would rather see Hiroaki Etoh's Stack Smashing Protector (aka ProPolice) as
the standard stack-smashing protection mechanism in GCC than StackGuard.

Groetjes,
Peter Busser
-- 
The Adamantix Project
Taking trustworthy software out of the labs, and into the real world
http://www.adamantix.org/

