Stack Smashing Protector: Difference between revisions
Jump to navigation
Jump to search
[unchecked revision] | [unchecked revision] |
Content added Content deleted
No edit summary |
(Add 'See Also' section with some external links.) |
||
Line 36: | Line 36: | ||
Don't forget to add '''-fstack-protector-all''' to the gcc flags. |
Don't forget to add '''-fstack-protector-all''' to the gcc flags. |
||
== See Also == |
|||
=== Articles === |
|||
=== Threads === |
|||
=== External Links === |
|||
* [http://www.trl.ibm.com/projects/security/ssp/ GCC extension for protecting applications from stack-smashing attacks] |
|||
* [[wikipedia:Buffer overflow protection|Buffer overflow protection]] on Wikipedia |
|||
[[Category:Security]] |
[[Category:Security]] |
Revision as of 01:08, 10 August 2009
GCC Stack-Smashing Protector (ProPolice)
What is it?
The GCC SSP protects the stack from buffer overflows. If a buffer overflow occurs, you're informed instantly.
How to implement it?
When you started with OS developing, you might have seen that following error:
... undefined reference to __stack_chk_fail
... undefined reference to __stack_chk_guard
That's the SSP! You probably just didn't care about it and disabled it.
Now, implementing this feature is dead easy and it is a really handy thing.
void * __stack_chk_guard = NULL;
void __stack_chk_guard_setup() { unsigned char * p; p = (unsigned char *) &__stack_chk_guard; p[sizeof(__stack_chk_guard)-1] = 255; /* <- this should be probably randomized */ p[sizeof(__stack_chk_guard)-2] = '\n'; p[0] = 0; }
void __sttribute__((noreturn)) __stack_chk_fail() { /* put you're panic or whatever in here */ unsigned char * vid = (unsigned char *)0xB8000; vid[1] = 7; for(;;) vid[0]++; }
Call __stack_chk_guard_setup at early boot stage, from there on you're protected from most buffer overflows.
Don't forget to add -fstack-protector-all to the gcc flags.