Stack Smashing Protector: Difference between revisions

Rephrase the explanation for why the method works
m (formatting)
(Rephrase the explanation for why the method works)
Line 35:
defusing such attacks.
 
Old text:

The detection is perfect because it is impossible to fake the correct value, i.e. the attacker doesn't have full control over what bytes can be written. The attacker cannot change further stack contents undetected if faking the correct value stops the output. For instance, if the canary in the strcpy example above contains a zero byte, it is impossible to fake that byte in the canary without stopping the output. This forces the attacker to either not attack, be detected, or not change any further stack contents. This doesn't mean the buffer overrun is always unexploitable: the string is now 16 characters instead of the intended limit of 15 characters, and this can cause other unintended behavior during the continued program execution.

New text:

The method works because it is impossible to get the correct value via trial and error. Since one incorrect canary value prevents further alterations, an attacker cannot keep trying until the correct value is found. In the example above, if the canary contained a zero byte, it would be impossible to guess its existence and position by trial and error. This forces the attacker to either not attack, or be detected and be unable to alter the stack any further. This does not mean that the buffer cannot be exploited. For example, if 16 bytes are written to the buffer above and it is not null-terminated, unintended behaviour can still take place later on during program execution.
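The following is an added example, not text or code from the wiki page or from any compiler's SSP implementation. It simulates the check described above in plain C: a 16-byte buffer is followed by a guard value whose first byte in memory is zero, an unchecked string copy runs into it, and the guard is compared at "function exit". The struct layout, the canary bytes and the sample inputs are all constructed for the example; a real compiler places the guard on the actual stack and the value is randomised at process start.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Constructed frame: a 16-byte buffer, the guard, and some bytes standing in
 * for saved registers. Laid out as a struct so the simulation never writes
 * outside memory it owns. */
#define BUF_SIZE 16

/* Constructed canary. Its first byte in memory is zero: a string copy can only
 * produce a zero byte as its terminator, so a copy that matches this byte
 * necessarily stops there and cannot continue past the guard. */
static const unsigned char CANARY[4] = { 0x00, 0xd4, 0xa1, 0xb2 };

struct frame {
    char buf[BUF_SIZE];
    unsigned char canary[sizeof CANARY];
    unsigned char saved[8];   /* stands in for saved registers / return address */
};

/* Simulates an unchecked strcpy into f->buf: copies the string including its
 * terminating NUL, clipped to the struct so the simulation itself stays safe. */
static void unchecked_strcpy(struct frame *f, const char *src) {
    size_t n = strlen(src) + 1;           /* strcpy copies the NUL as well */
    if (n > sizeof *f)
        n = sizeof *f;
    memcpy((unsigned char *)f, src, n);
}

/* The check emitted at function exit: compare the guard with its reference
 * value. Returns 1 if intact, 0 if the frame was smashed. */
static int canary_intact(const struct frame *f) {
    return memcmp(f->canary, CANARY, sizeof CANARY) == 0;
}

/* Returns 1 if buf still contains a NUL terminator within its bounds. */
static int buf_terminated(const struct frame *f) {
    return memchr(f->buf, '\0', BUF_SIZE) != NULL;
}

/* Runs one input through the simulated frame.
 * Returns 0: overflow detected by the canary check
 *         1: canary intact and the buffer is properly terminated
 *         2: canary intact but the buffer is left unterminated
 *            (the 16-byte case the text warns about) */
int check_input(const char *input) {
    struct frame f;
    memset(&f, 0, sizeof f);
    memcpy(f.canary, CANARY, sizeof CANARY);
    memset(f.saved, 0xee, sizeof f.saved);  /* recognisable filler */
    unchecked_strcpy(&f, input);
    if (!canary_intact(&f))
        return 0;
    return buf_terminated(&f) ? 1 : 2;
}

int main(void) {
    /* Constructed sample inputs. */
    const char *inputs[] = {
        "hello",                               /* fits comfortably */
        "0123456789abcdef",                    /* 16 chars: the NUL lands on the zero guard byte */
        "0123456789abcdefg",                   /* 17 chars: first guard byte clobbered */
        "0123456789abcdef\xd4\xa1\xb2XXXXXXXX" /* the zero byte cannot be supplied mid-string */
    };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++)
        printf("input %zu -> result %d\n", i, check_input(inputs[i]));
    return 0;
}
```

The second input is the page's caveat in action: the copy is not caught, because the terminating NUL happens to coincide with the zero guard byte, but `buf` no longer holds a terminator and later string operations on it will run past its end. Anything longer is reported at the check.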
 
Note how there is only a single protective value, not every variable is
Anonymous user