| 1 |
AFAIK FORTIFY_SOURCE only works in fixed size buffers. To me ssp is a more |
| 2 |
complete (and slightly different) approach, while FORTIFY_SOURCE checks the |
| 3 |
existence of a buffer overflow directly, ssp does it by checking the |
| 4 |
modification of the canary (indirect approach) but could get applied with |
| 5 |
any kind of code since it's not limited to fixed size buffers. SSP to me is |
| 6 |
really necessary |
| 7 |
|
| 8 |
http://www.trl.ibm.com/projects/security/ssp/ |
| 9 |
http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html |
| 10 |
|
| 11 |
2010/5/18 Peter Hjalmarsson <xake@×××××××××.net> |
| 12 |
|
| 13 |
> |
| 14 |
> |
| 15 |
> I would say you're worrying too much. |
| 16 |
> |
| 17 |
> The important part in the toolchain equation is really PIE (and of |
| 18 |
> course -z,now, relro and those other stuff people forgets about) to give |
| 19 |
> you ASLR, and it is there in hardened gcc-4.3 in tree. SSP is also there |
| 20 |
> to some extent because it is implemented in FORTIFY_SOURCE which is |
| 21 |
> enabled in all of gentoo by default. |
| 22 |
> So I would say that the extra part SSP from GCC is nice but not |
| 23 |
> necessary. |
| 24 |
> |
| 25 |
> Regards |
| 26 |
> Peter |
| 27 |
> |
| 28 |
> |
| 29 |
> |
| 30 |
> |
Archives