DragonFly BSD
DragonFly kernel List (threaded) for 2005-01
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

Re: libkern stack_protector

From: Matthew Dillon <dillon@xxxxxxxxxxxxxxxxxxxx>
Date: Sat, 29 Jan 2005 11:45:53 -0800 (PST)

:On Fri, Jan 28, 2005 at 05:29:03PM -0500, Robert Connolly wrote:
:> Hello. In regards to your:
:> src/sys/libkern/stack_protector.c
:> You have:
:> int __guard = 0x00000aff;
:> #else
:> int __guard = 0xff0a0000;
:> #endif
:> Why do you check for endianness? 
:Because the order of the cookie bytes changes the meaning of
:how overflowing buffers are used.
:> robert

    Right.  The idea of the cookie is to catch an overflow.  Catching
    an overflow means emplacing the cookie such that a one-byte overflow
    is likely to be caught.  We'd rather have a non-zero byte for the first
    byte of the overflow area rather then a zero byte.  

    Why aren't all the bytes non-zero?  Because we also want the guard
    to provide at least one zero byte for string termination.  And there
    are a few other reasons too.  It's mostly inconsequential but there is
    a method behind the madness.

					Matthew Dillon 

[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]