Talk:Buffer overflow protection

From Wikipedia, the free encyclopedia
Jump to: navigation, search
WikiProject Computer Security / Computing   
WikiProject icon This article is within the scope of WikiProject Computer Security, a collaborative effort to improve the coverage of computer security on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
 ???  This article has not yet received a rating on the project's quality scale.
 ???  This article has not yet received a rating on the project's importance scale.
Taskforce icon
This article is supported by WikiProject Computing.
 

Gentoo and ProPolice[edit]

"Gentoo Linux uses ProPolice according to gcc -v:" Wouldnt that be better put as "Gentoo will use the ssp patch for gcc by default" Since gentoo's packages arent binarys. Stack-Smashing_Protector puts it in a better way --2mcm 21:43, 3 May 2005 (UTC)

Also Propolice has changed it name to Stack-Smashing_Protector aka ssp --2mcm 21:43, 3 May 2005 (UTC)

It might be worth mentioning that any cannary based stack guard technique that only guards against overwriting the function return pointers will be incomplete in many cases. this is because these systems usually allow the saved frame pointer to be overwritten, this allows an attacker to, in effect, hijack the pointer to the stack used for the calling routine...to see more about how this is a serious security issue see the article on off-by-one overflows as the exploitation is essencially the same... --Michael Lynn 23:37, 20 March 2007 (UTC)

Why is this marked as in need of cleanup?[edit]

It looks fine to me. Graue 15:27, 23 May 2005 (UTC)

I've tried to clean this up a little[edit]

By merging various articles such as StackGaurd and StackGhost and most of the information from ProPolice into this, and moving things around and elaborating on them. Any thoughts? I'd like to also merge ProPolice into this and make it a redirect, but I'm not sure the two have equivalent information. -- Andyluciano 19 Aug 2005 05:24 (UTC)

Okay, they pretty much have equivalent information now. -- Andyluciano 19 Aug 2005 5:45 (UTC)

what about /GS ?[edit]

There are description of several FOSS implementations but nothing about the /GS (guardstack) option of microsoft compilers, I think it would be a worthy addition. Trou 21:39, 22 May 2007 (UTC)

example of canary[edit]

The revision of 20:42, 3 August 2005 changed the value 13 to 3 with a justification that does not apply to the example. The example shows that there are 13 bytes from the address of "d" to the address of the "b". More than 3 but fewer than 13 written to "d" will corrupt "c" without overwriting the pointer "b". I changed this back to 13. 142.16.23.254 00:33, 11 August 2007 (UTC)

Someone else made this change in 2010. Putting it back... .froth. (talk) 04:35, 17 January 2012 (UTC)

reference to immunix paper is spam?[edit]

the cited immunix paper [1] is hardly spam. immunix was a DARPA-funded research project which produced the original stackguard. other benchmark sources: [2], [3] Tfinn 03:02, 17 August 2007 (UTC)

Guard page?[edit]

I came to this article via the redirect guard page (found under sprintf). This article here currently does not explain what a guard page is. Can someone explain? Thanks, --Abdull (talk) 13:53, 10 March 2010 (UTC)

Rename article to "stack protection"?[edit]

Everything in this article only refers stack protection, not to buffer overflow protection in general. I think this article should be renamed to "stack protection" or maybe even "stack-smashing protection", because that's the common parlance in GCC circles. Opinions? MalcolmInglis (talk) 09:58, 27 September 2013 (UTC)