WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

Re: [Xen-devel] Unable to compile Xen-2.0

To: Jerome Brown <guruswami@xxxxxxxxxxxx>
Subject: Re: [Xen-devel] Unable to compile Xen-2.0
From: Ian Pratt <Ian.Pratt@xxxxxxxxxxxx>
Date: Wed, 27 Oct 2004 02:52:08 +0100
Cc: Xen-devel@xxxxxxxxxxxxxxxxxxxxx, Ian.Pratt@xxxxxxxxxxxx
Delivery-date: Wed, 27 Oct 2004 03:02:33 +0100
Envelope-to: steven.hand@xxxxxxxxxxxx
In-reply-to: Your message of "Wed, 27 Oct 2004 14:41:05 +1300." <417EFCB1.406@xxxxxxxxxxxx>
List-archive: <http://sourceforge.net/mailarchive/forum.php?forum=xen-devel>
List-help: <mailto:xen-devel-request@lists.sourceforge.net?subject=help>
List-id: List for Xen developers <xen-devel.lists.sourceforge.net>
List-post: <mailto:xen-devel@lists.sourceforge.net>
List-subscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=subscribe>
List-unsubscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=unsubscribe>
Sender: xen-devel-admin@xxxxxxxxxxxxxxxxxxxxx
> SSP is Stack Smashing Protection - formerly ProPolice (see 
> http://www.trl.ibm.com/projects/security/ssp/ for more info) and PIE is 
> Position Independent Executable i.e. PIC for binaries. SSP modifies the 
> C compiler to insert initialization code into functions that create a 
> buffer in memory. At run time, when a buffer is created, SSP adds a 
> secret random value, the canary, to the end of the buffer. When the 
> function returns, SSP makes sure that the canary is still intact. If an 
> attacker were to perform a buffer overflow, he would overwrite this 
> value and trigger that stack smashing handler. Currently this kills the 
> target process. (Descriptions borrowed from Gentoo Hardened Project 
> http://www.gentoo.org/proj/en/hardened/) They provide an extra layer of 
> security from attack on a server open to the world.

Does stock Linux work when compiled with SSP enabled? Sounds
pretty scary to me...

Ian


-------------------------------------------------------
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_id=5588&alloc_id=12065&op=click
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/xen-devel