On Saturday, April 13, 2013 08:36:53 PM Kevin Kofler wrote:
> (1) -fstack-protector{,-all} doesn't implement full bounds
checking
> for every C object.
But it prevents (with probability (256^n-1)/256^n, where n is the size of
the canary in bytes, which for n=4 is approximately .99999999976717)
exploiting the overflows to change the return address of any C function.
There is the off chance that an attacker correctly guesses the canary value.
:-)
One thing that I found in doing a recent study was that there is a build
system, scons, where our defaults are not getting used during compile. For
example, the zfs-fuse package uses the scons build system. It did not have
PIE, RELRO, stack protector, or FORTIFY_SOURCE anywhere. Anything else that
uses scons should be inspected for similar problems.
-Steve