Stack Smashing Protector: Difference between revisions

Combuster (talk | contribs)
→‎How to implement it: Fix the canary setter to something that works. It's now pretending to be exception-throwing code, a null terminator, and a likely invalid pointer.
Combuster (talk | contribs)
Line 75: Line 75:
</source>
</source>


You should call <tt>__stack_chk_guard_setup</tt> at early boot stage, in particular before calling any C code with the stack protector enabled. If you try it later, the value that's already on the stack will be compared to the updated one, which inadvertently triggers the panic. Don't forget to add <tt>-fstack-protector-all</tt> to the gcc flags, except for the file actually containing <tt>__stack_chk_guard_setup</tt>.
Call '''__stack_chk_guard_setup''' at early boot stage, from there on you're protected from most buffer overflows.


After that, you'll find yourself protected from the majority of buffer overflows. There are other settings available than <tt>-fstack-protector-all</tt>, which you can use to only check the stack whenever there's a likely possibility of a buffer being overused instead of everywhere.
Don't forget to add '''-fstack-protector-all''' to the gcc flags.


== See Also ==
== See Also ==
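
Review bot: The exemption in the added sentence "except for the file actually containing <tt>__stack_chk_guard_setup</tt>" is narrower than the failure mode the same paragraph describes. Any protected function that is already on the call stack when the guard changes holds the old canary and will compare it against the new value if it ever returns. A protected caller in a different file would therefore still hit the panic. Suggest widening the wording to "except for the file containing <tt>__stack_chk_guard_setup</tt> and any function still active when it is called", or saying that the call should be made from the assembly entry code. It would also help to name <tt>-fno-stack-protector</tt> as the way to exempt a file. The second added paragraph refers to "other settings" without naming them; listing <tt>-fstack-protector</tt> and <tt>-fstack-protector-strong</tt> would make that sentence actionable. Minor wording: "inadvertently triggers the panic" would read more precisely as "spuriously triggers the panic".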