Integration of ProPolice in FreeBSD
Marcel Moolenaar
xcllnt at mac.com
Fri Apr 18 18:46:36 UTC 2008
On Apr 18, 2008, at 9:58 AM, Jeremie Le Hen wrote:
> This should theorically work for all arch as, from what I've read,
> ProPolice takes place at the intermediate representation level of the
> compiler. This should therefore be architecture agnostic.
The question is whether it will actually make a difference on ia64?
The stack does not contain any of the "objects" that ProPolice
tries to protect from "stack-smashing" attacks, so what good is the
added overhead?
> Basically, a "canary" is randomly chosen when the program starts (this
> part lives in libc). GCC inserts code in prologue and epilogue of all
> functions that contains a buffer of 8 or more bytes. In the prologue,
> the canary is pushed on the stack right after the return valued has
> been
> pushed, and this value is then checked in function epilogue. If the
> value in the stack has changed, there has been a buffer overflow
The ia64 architecture has been designed to eliminate use of the
stack as much as possible for performance reasons. ProPolice does
add significant overhead for no good reason AFAICT.
So, let's assume at this time that ia64 is out and that an opt-out
is reasonable (given that ia64 is expected to be the only one that
doesn't need it).
--
Marcel Moolenaar
xcllnt at mac.com
More information about the freebsd-arch
mailing list