gcc stack-smashing protector (for gcc-ss-20001101)

H. ICHIKAWA seraf@2600.COM
Tue Nov 7 23:21:00 GMT 2000


Geoff Keating <geoffk@geoffk.com> writes:
> This seems to be a large and complex patch for a feature of limited
> usefulness which is already implemented by gcc in a more general form
> (using the full bounds-checking implementation).

Jones & Kelly may be more general, but it can be awfully slow, and it
solves a large set of problems which many people may not want to address
at the expense of runtime performance.  Hiroaki's patch addresses a
subset of those problems, namely the ones with a history of being
exploited maliciously, with what I fathom to be less overhead.

If Jones & Kelly had already solved the stack-smashing issue
satisfactorily, nobody would care about StackGuard, or be doing all this
research.

I recommend reading the Propolice paper:
http://www.trl.ibm.co.jp/projects/security/propolice/main.html


