On Wed, 13 Aug 2003, Patrick Dolan wrote: > There is a flag for the Gnu C/C++ compilers, -fstack-protector, that will > implement ProPolice stack protection. It should prevent stack smashing > techniques. > ProPolice (http://www.research.ibm.com/trl/projects/security/ssp/) is a great tool that not only protects the return address on the stack, but also changes the order of local variables and protects the function arguments! It's a way better protector than StackGuard and is a way more efficient than a "two stack approach", providing _almost_ as good protection, which sometimes is even better!!![1] [1]: it protects the local variables (pointer) and function arguments, which neither StagGuard nor StackShield ("two stack approach") do. -- Mariusz Wo³oszyn Internet Security Specialist, GTS - Internet Partners
