Stack Smashing Protector: Difference between revisions
[unchecked revision] | [unchecked revision] |
Content deleted Content added
Add 'See Also' section with some external links. |
fixed grammar/typos; gave brief description of how SSP works |
||
Line 1: | Line 1: | ||
== GCC Stack-Smashing Protector (ProPolice) == |
== GCC Stack-Smashing Protector (ProPolice) == |
||
=== What is it? === |
=== What is it? === |
||
The GCC SSP protects the stack from buffer overflows. If a buffer overflow occurs, you're informed instantly. |
The GCC SSP protects the stack from buffer overflows. If a buffer overflow occurs, you're informed instantly. The way this works is by inserting a "canary" value into the stack frame that, if changed, indicates a buffer overflow or stack corruption. This feature can not only detect buffer overflows, malicious or accidental, but also may help in detecting other stack-related bugs that are often found in kernel code. |
||
=== How to implement it |
=== How to implement it === |
||
When you started |
When you started OS developing, you might have seen that following error: |
||
... undefined reference to '''__stack_chk_fail''' |
... undefined reference to '''__stack_chk_fail''' |
||
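Review bot: the rewritten "What is it?" paragraph keeps "If a buffer overflow occurs, you're informed instantly" next to the new canary explanation, but the added text never says when the canary is compared. The check runs when the protected function returns, so corruption is reported at function exit, not at the moment of the overflowing write. Suggest replacing "informed instantly" with something like "the corruption is detected before the function returns". Separately, the edit summary says grammar was fixed, yet the new line still reads "When you started OS developing, you might have seen that following error"; "OS development" and "the following error" would read better.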
Line 10: | Line 10: | ||
... undefined reference to '''__stack_chk_guard''' |
... undefined reference to '''__stack_chk_guard''' |
||
That's the SSP! You probably just didn't care about it and disabled it. |
That's actually the SSP! You probably just didn't care about it and disabled it. |
||
Now, implementing this feature is dead easy and it is a really handy thing. |
Now, implementing this feature is dead easy and it is a really handy thing. |
||
Line 25: | Line 25: | ||
} |
} |
||
void |
void __attribute__((noreturn)) __stack_chk_fail() |
||
{ /* put |
{ /* put your panic function or similar in here */ |
||
unsigned char * vid = (unsigned char *)0xB8000; |
unsigned char * vid = (unsigned char *)0xB8000; |
||
vid[1] = 7; |
vid[1] = 7; |
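Review bot: the new signature `void __attribute__((noreturn)) __stack_chk_fail()` uses an empty parameter list, which in C is an old-style declaration without a prototype; write `__stack_chk_fail(void)`. Now that `noreturn` is promised to the compiler, the body must end in a halt or an endless loop after the panic output, because returning from a `noreturn` function is undefined behaviour. The lines shown here only write to video memory, so the rest of the function is worth checking for that. The `vid` pointer to 0xB8000 would also be better declared as `volatile unsigned char *` so the stores to video memory cannot be optimised away.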