Slashdot Mirror

← Back to Stories (view on slashdot.org)

Stack-Smashing Protection Added To OpenBSD gcc

Posted by timothy on from the smooshing-still-in-the-wings dept.

DieNadel writes "As posted here, support to ProPolice was added to OpenBSD. You can check the announcement. Note that THERE ARE dependencies that should be taken care of before building a new kernel, even on -stable."

5 of 44 comments (clear)

  1. yes by honold · · Score: 4, Informative

    perhaps you should look at the project web site?

  2. Not -stable, only -current by stab · · Score: 5, Informative

    Note that THERE ARE dependencies that should be taken care of before
    building a new kernel, even on -stable.

    No, no, no - propolice has only been added into the -current tree, so if you are tracking -stable, continue as before. Only critical fixes go into -stable, certainly nothing as huge as a big GCC patch.

  3. Re:well isn't this just gosh darn great! by F2F · · Score: 3, Informative

    umm, here is what i mean (see section 4.2)...

  4. It has nothing to do with stack growth direction. by Ayanami+Rei · · Score: 2, Informative

    On many architectures, intel included, you can grow the stack in either direction. However, the thing here is that Plan 9 always uses stack-grow-down, and it omits frame pointers. They aren't strictly necessary on Intel either (-fomit-frame-pointers) but it can make code undebuggable. Furthermore, this doesn't fix the problem. If you know how far up the stack to manipulate, by overwriting into the next stack frame, you can still cause Plan 9 to jump to malicious code on return. But then, it probably won't do anything interesting without superuser. ^_^

    --
    THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
  5. Re:Tsarkon Reports: More from this Shit Project? by Rheingold · · Score: 2, Informative

    I really shouldn't respond to trolls, but I guess I am anyway. StackGuard is only currently implemented on x86, but I don't think it actually depends on any x86-isms; likewise, even though it is currently only implemented in Linux, it doesn't really depend on any Linux-isms. It's only limited to Linux x86 because that's all anyone with time or money ever bothered to implement it on. I'm told that a GCC 3 implementation is nearly done. I ask about it everytime I venture downtown to have lunch with the WireX folks (I used to work there, but not in the research side).

    --
    Wil
    wiki