xen-devel
Re: [Xen-devel] Unable to compile Xen-2.0
> SSP is Stack Smashing Protection - formerly ProPolice (see
> http://www.trl.ibm.com/projects/security/ssp/ for more info) and PIE is
> Position Independent Executable i.e. PIC for binaries. SSP modifies the
> C compiler to insert initialization code into functions that create a
> buffer in memory. At run time, when a buffer is created, SSP adds a
> secret random value, the canary, to the end of the buffer. When the
> function returns, SSP makes sure that the canary is still intact. If an
> attacker were to perform a buffer overflow, he would overwrite this
> value and trigger that stack smashing handler. Currently this kills the
> target process. (Descriptions borrowed from Gentoo Hardened Project
> http://www.gentoo.org/proj/en/hardened/) They provide an extra layer of
> security from attack on a server open to the world.
Does stock Linux work when compiled with SSP enabled? Sounds
pretty scary to me...
Ian
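
The canary check described in the quoted text, modelled by hand as an added example (not part of the original thread, and not the code GCC/ProPolice emits). The names `struct frame`, `frame_guard`, `guard_init` and `handle_input` are hypothetical; the "frame" is a struct so the unchecked copy stays inside one object, and the check returns a flag where the real handler kills the process.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN 16

/* Stand-in for a stack frame: the canary sits directly after the buffer. */
struct frame {
    char buf[BUF_LEN];
    uintptr_t canary;
};

static uintptr_t frame_guard;   /* secret value, chosen once at start-up */

static void guard_init(void) {
    FILE *f = fopen("/dev/urandom", "rb");   /* assumption: a Unix-like host */
    if (f == NULL || fread(&frame_guard, sizeof frame_guard, 1, f) != 1)
        frame_guard = (uintptr_t)0x5bd1e995u; /* constructed fallback value */
    if (f != NULL)
        fclose(f);
    /* Assumption of this sketch: force one zero byte into the guard so the
       constructed all-'A' input below can never reproduce it by chance. */
    frame_guard &= ~(uintptr_t)0xff;
}

/* Returns 0 on a normal return, 1 if the canary was found modified. */
static int handle_input(const char *src, size_t n) {
    struct frame fr;
    fr.canary = frame_guard;               /* prologue: place the canary */
    memset(fr.buf, 0, sizeof fr.buf);
    if (n > sizeof fr)
        n = sizeof fr;                     /* keep the demo inside the struct */
    memcpy((unsigned char *)&fr, src, n);  /* bug: no check against BUF_LEN */
    return fr.canary != frame_guard;       /* epilogue: verify before return */
}

int main(void) {
    char big[64];                          /* constructed oversized input */
    guard_init();
    memset(big, 'A', sizeof big);
    printf("short input:     %d\n", handle_input("hello", 6));
    printf("oversized input: %d\n", handle_input(big, sizeof big));
    return 0;
}
```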