cvs commit: src/contrib/gcc protector.c protector.h Makefile.in calls.c combine.c cse.c explow.c expr.c flags.h function.c gcse.c integrate.c libgcc2.c loop.c optabs.c reload1.c toplev.c src/gnu/usr.bin/cc/cc_int Makefile

[Jeroen Ruigrok/asmodai]

-On [20031210 23:42], Matthew Dillon (dillon at xxxxxxxxxxxxxxxxxxxxxxx) wrote:
>  Add -fstack-protector and -fno-stack-protector support to GCC.  Note
>  that the default is set to no protection (what it was before).  See:
>  
>      http://www.trl.ibm.com/projects/security/ssp/
>  
>  Submitted-by: Ryan Dooley <dooleyr at xxxxxxxxxxxx>

Just wondering, wouldn't this allow someone to get hold of something
like SEIP, put shellcode on the heap and run that?

This is why they went the W^X way for all I know.

-- 
Jeroen Ruigrok van der Werven <asmodai(at)wxs.nl> / asmodai / kita no mono
PGP fingerprint: 2D92 980E 45FE 2C28 9DB7  9D88 97E6 839B 2EAC 625B
http://www.tendra.org/   | http://diary.in-nomine.org/
Be wiser than other people if you can; but do not tell them so...