1 |
AFAIK FORTIFY_SOURCE only works in fixed size buffers. To me ssp is a more |
2 |
complete (and slightly different) approach, while FORTIFY_SOURCE checks the |
3 |
existence of a buffer overflow directly, ssp does it by checking the |
4 |
modification of the canary (indirect approach) but could get applied with |
5 |
any kind of code since it's not limited to fixed size buffers. SSP to me is |
6 |
really necessary |
7 |
|
8 |
http://www.trl.ibm.com/projects/security/ssp/ |
9 |
http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html |
10 |
|
11 |
2010/5/18 Peter Hjalmarsson <xake@×××××××××.net> |
12 |
|
13 |
> |
14 |
> |
15 |
> I would say you're worrying too much. |
16 |
> |
17 |
> The important part in the toolchain equation is really PIE (and of |
18 |
> course -z,now, relro and those other stuff people forgets about) to give |
19 |
> you ASLR, and it is there in hardened gcc-4.3 in tree. SSP is also there |
20 |
> to some extent because it is implemented in FORTIFY_SOURCE which is |
21 |
> enabled in all of gentoo by default. |
22 |
> So I would say that the extra part SSP from GCC is nice but not |
23 |
> necessary. |
24 |
> |
25 |
> Regards |
26 |
> Peter |
27 |
> |
28 |
> |
29 |
> |
30 |
> |