ProPolice: best way to fill canary

Neo-Vortex root at Neo-Vortex.net
Fri Jul 8 23:04:11 GMT 2005



On Fri, 8 Jul 2005, Jeremie Le Hen wrote:

> Hello hackers,
>
> I'm going to disturb you once again with ProPolice.  The original
> ProPolice patch, as well as most of the FreeBSD variants and the Linux one,
> uses /dev/urandom to fill the "canary" with random data (the canary
> is what is going to be put between the buffer and the return address on the
> stack).  OTOH, OpenBSD uses the kern.arnd sysctl to achieve this (this
> is a sysctl front-end to the arc4random() function).

Just one question: why does the canary have to be filled with random data?
Why not just zero it? Sure, you get a single random value to find out how
many zeros to use, but why waste that much good-quality random data (and
of course, if there isn't enough in urandom, you would have to make it loop
till there is enough, unless you make it just leave the rest as-is)?

IMHO there are no advantages (well, none that I can see) to having it be random
data rather than just NULL...

Feel free to correct me if I'm wrong...

~NVX
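The mechanism under discussion, as an added illustration that is not part of the original post or of the ProPolice patch: a small C model of a guarded frame. The prologue stores a guard word between the local buffer and the saved return address, the body does an unchecked copy into the buffer, and the epilogue compares the guard slot against the original value. The guard is read from /dev/urandom with a loop over short reads, the fallback the post mentions. The frame layout, offsets, the pretend return address and the scenario helpers (blind_overflow, forged_overflow) are assumptions for the demo, not ProPolice's real layout, which also holds other locals and the saved frame pointer.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Simplified model of the frame ProPolice arranges: local buffer, then the
 * guard word, then the saved return address (offsets assumed for the demo). */
#define BUF_SIZE   16
#define GUARD_OFF  BUF_SIZE
#define RET_OFF    (BUF_SIZE + sizeof(uintptr_t))
#define FRAME_SIZE (BUF_SIZE + 2 * sizeof(uintptr_t))

/* Verdicts of the simulated epilogue check. */
#define GUARD_SMASHED   0   /* guard changed: ProPolice would abort here */
#define GUARD_OK        1   /* guard intact, return address intact */
#define GUARD_OK_HIJACK 2   /* guard intact, return address changed; the real
                               check cannot distinguish this from GUARD_OK */

/* Fill the guard word from /dev/urandom, looping until every byte is in
 * (read(2) may return fewer bytes than asked). 0 on success, -1 on error. */
int fill_canary_urandom(uintptr_t *canary)
{
    unsigned char *p = (unsigned char *)canary;
    size_t left = sizeof *canary;
    int fd = open("/dev/urandom", O_RDONLY);

    if (fd < 0)
        return -1;
    while (left > 0) {
        ssize_t n = read(fd, p, left);
        if (n < 0 && errno == EINTR)
            continue;
        if (n <= 0) {
            close(fd);
            return -1;
        }
        p += n;
        left -= (size_t)n;
    }
    close(fd);
    return 0;
}

/* One simulated call: prologue stores `canary` in the guard slot, the body
 * copies `len` attacker-controlled bytes into the buffer with no bounds check,
 * the epilogue compares the guard slot with the original. The copy is capped
 * at the model frame so the demo itself never writes out of bounds. */
int simulate_call(uintptr_t canary, const unsigned char *src, size_t len)
{
    unsigned char frame[FRAME_SIZE];
    const uintptr_t orig_ret = 0x400500;   /* pretend return address */

    memset(frame, 0, sizeof frame);
    memcpy(frame + GUARD_OFF, &canary, sizeof canary);
    memcpy(frame + RET_OFF, &orig_ret, sizeof orig_ret);

    if (len > FRAME_SIZE)
        len = FRAME_SIZE;
    memcpy(frame, src, len);               /* the overflow: runs past buf */

    if (memcmp(frame + GUARD_OFF, &canary, sizeof canary) != 0)
        return GUARD_SMASHED;
    return memcmp(frame + RET_OFF, &orig_ret, sizeof orig_ret) == 0
               ? GUARD_OK : GUARD_OK_HIJACK;
}

/* Scenario: an overflow of plain 'A's across the whole frame. */
int blind_overflow(uintptr_t canary)
{
    unsigned char payload[FRAME_SIZE];
    memset(payload, 'A', sizeof payload);
    return simulate_call(canary, payload, sizeof payload);
}

/* Scenario: the attacker writes `guessed_guard` into the guard slot and
 * `new_ret` into the saved-return slot. */
int forged_overflow(uintptr_t canary, uintptr_t guessed_guard, uintptr_t new_ret)
{
    unsigned char payload[FRAME_SIZE];
    memset(payload, 'A', BUF_SIZE);
    memcpy(payload + GUARD_OFF, &guessed_guard, sizeof guessed_guard);
    memcpy(payload + RET_OFF, &new_ret, sizeof new_ret);
    return simulate_call(canary, payload, sizeof payload);
}

int main(void)
{
    static const char *verdict[] = { "smashed (detected)", "ok",
                                     "ok, but return address hijacked" };
    uintptr_t canary;

    if (fill_canary_urandom(&canary) != 0) {
        perror("/dev/urandom");
        return 1;
    }
    printf("random guard, blind overflow:  %s\n", verdict[blind_overflow(canary)]);
    printf("random guard, wrong guess:     %s\n", verdict[forged_overflow(canary, canary ^ 1, 0xdeadbeef)]);
    printf("guard known to attacker:       %s\n", verdict[forged_overflow(canary, canary, 0xdeadbeef)]);
    printf("all-zero guard, zero guess:    %s\n", verdict[forged_overflow(0, 0, 0xdeadbeef)]);
    return 0;
}
```

The epilogue only ever compares the guard slot with the value the prologue wrote, so an overflow is caught exactly when it changes that value; the last two scenarios in main show what happens when the payload puts the same value back.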


More information about the freebsd-hackers mailing list