On Sun, Jul 10, 2005 at 09:52:12AM -0400, Brian Gerst wrote: > > What exactly does it do? it's a port to gcc4 of the "propolice" stuff; it does 2 things 1) it sorts the variables on the stack with the goal of putting no critical non-buffer variables after the buffer, so that overflows have less stuff to scribble over. 2) It puts a canary on the stack (in some conditions), so that overwrites of the function return address caused by buffer overflows need to also overwrite the canary, which is then detected before the actual return value is used. Result is that stack overflows get a lot trickier to exploit since one would need to guess the value of the canary (which is random and stored in per thread data) before a return address can successfully overwritten. -- fedora-test-list mailing list fedora-test-list@xxxxxxxxxx To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-test-list