Stack Smashing Protector: Difference between revisions

From OSDev.wiki

Revision as of 19:59, 21 June 2009

GCC Stack-Smashing Protector (ProPolice)

What is it?

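The GCC SSP protects the stack from buffer overflows. The compiler places a guard value on the stack of each protected function and checks it before the function returns; if a buffer overflow has overwritten it, you're informed instantly.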

How to implement it?

When you started OS development, you might have seen the following errors:

... undefined reference to __stack_chk_fail

... undefined reference to __stack_chk_guard

That's the SSP! You probably just didn't care about it and disabled it.

Now, implementing this feature is dead easy and it is a really handy thing.

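   #include <stddef.h>

   /* Guard value that the compiler-generated checks compare against. */
   void * __stack_chk_guard = NULL;

   /* Changing the guard invalidates the copy already saved in the frame of
      any active protected function: build this function without the
      protector and call it from a function that never returns. */
   void __stack_chk_guard_setup(void)
   {
       unsigned char * p;
       p = (unsigned char *) &__stack_chk_guard;
       p[sizeof(__stack_chk_guard)-1] = 255;  /* <- this should be probably randomized */
       p[sizeof(__stack_chk_guard)-2] = '\n';
       p[0] = 0;
   }

   /* Called by the compiler-generated check when the guard was overwritten. */
   void __attribute__((noreturn)) __stack_chk_fail(void)
   { /* put your panic or whatever in here */
       volatile unsigned char * vid = (volatile unsigned char *)0xB8000; /* VGA text buffer */
       vid[1] = 7;
       for(;;)
           vid[0]++;
   }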

Call __stack_chk_guard_setup at an early boot stage; from there on you're protected from most buffer overflows.

Don't forget to add -fstack-protector-all to the gcc flags.
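
The comment in the setup code above says the guard should be randomized. One way to do that while keeping the NUL and '\n' terminator bytes the page sets is shown below, as an added example that is not part of the original wiki code. The names `mix64`, `apply_terminators` and `make_guard` are hypothetical, and the entropy words are assumed to be collected by your own kernel.

```c
#include <stddef.h>
#include <stdint.h>

/* splitmix64 finalizer: spreads the input bits over the whole word.
   It is a bit mixer, not a CSPRNG: the guard is only as unpredictable
   as the entropy words fed into make_guard(). */
static uint64_t mix64(uint64_t z)
{
    z += 0x9e3779b97f4a7c15ULL;
    z = (z ^ (z >> 30)) * 0xbf58476d1ce4e5b9ULL;
    z = (z ^ (z >> 27)) * 0x94d049bb133111ebULL;
    return z ^ (z >> 31);
}

/* Force the terminator bytes used by the page's setup code: NUL in the
   first byte and '\n' in the second-to-last. A string copy stops at the
   NUL and a line read stops at the newline, so neither can write a
   matching guard followed by more data. All other bytes stay random. */
uintptr_t apply_terminators(uintptr_t value)
{
    unsigned char *p = (unsigned char *)&value;
    p[0] = 0;
    p[sizeof(value) - 2] = '\n';
    return value;
}

/* Fold n entropy words into one guard value. The sources are an
   assumption of this example (for instance a timestamp counter reading,
   the RTC, or a seed handed over by the bootloader). */
uintptr_t make_guard(const uint64_t *words, size_t n)
{
    uint64_t acc = 0;
    for (size_t i = 0; i < n; i++)
        acc = mix64(acc ^ words[i]);
    return apply_terminators((uintptr_t)acc);
}

/* In the kernel, at early boot and from unprotected code:
       __stack_chk_guard = (void *)make_guard(words, n);             */
```
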