Re: libkern stack_protector

Board: DFBSD_kernel | Date: 2005/01/30 04:01
:On Fri, Jan 28, 2005 at 05:29:03PM -0500, Robert Connolly wrote:
:> Hello. In regards to your:
:> src/sys/libkern/stack_protector.c
:>
:> You have:
:> #if BYTE_ORDER == LITTLE_ENDIAN
:> int __guard = 0x00000aff;
:> #else
:> int __guard = 0xff0a0000;
:> #endif
:>
:> Why do you check for endianness?
:
:Because the order of the cookie bytes changes the meaning of
:how overflowing buffers are used.
:
:Joerg
:
:>
:> robert

Right. The idea of the cookie is to catch an overflow. Catching an overflow means emplacing the cookie such that a one-byte overflow is likely to be caught. We'd rather have a non-zero byte for the first byte of the overflow area rather than a zero byte.

Why aren't all the bytes non-zero? Because we also want the guard to provide at least one zero byte for string termination. And there are a few other reasons too.

It's mostly inconsequential but there is a method behind the madness.

-Matt
Matthew Dillon
<dillon@backplane.com>
Article ID (AID): #11--k500 (DFBSD_kernel)
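The byte layout discussed in the thread above, worked through as an added example (not part of the original messages and not DragonFly's code). It assumes a constructed frame of an 8-byte buffer with the guard directly above it; `guard_bytes`, `overflow_detected` and `read_length` are hypothetical helper names.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN 8  /* constructed frame: buf[8], then the guard directly above it */

/* Lay out a 32-bit guard value as its bytes sit in memory for a byte order. */
static void guard_bytes(uint32_t v, int little_endian, unsigned char out[4])
{
    for (int i = 0; i < 4; i++)
        out[i] = (unsigned char)(v >> (little_endian ? 8 * i : 8 * (3 - i)));
}

/* Write n bytes plus a NUL terminator from the start of buf, as an unchecked
 * string copy would; return 1 if the guard no longer matches afterwards. */
static int overflow_detected(const unsigned char guard[4], size_t n)
{
    unsigned char frame[BUF_LEN + 4 + 8] = {0};  /* slack keeps the demo in bounds */
    if (n >= sizeof frame) return -1;
    memcpy(frame + BUF_LEN, guard, 4);
    memset(frame, 'A', n);
    frame[n] = '\0';
    return memcmp(frame + BUF_LEN, guard, 4) != 0;
}

/* How far a read of an unterminated, full buffer runs before a zero byte. */
static size_t read_length(const unsigned char guard[4])
{
    unsigned char frame[BUF_LEN + 4];
    memset(frame, 'A', BUF_LEN);
    memcpy(frame + BUF_LEN, guard, 4);
    const unsigned char *z = memchr(frame, 0, sizeof frame);
    return z ? (size_t)(z - frame) : sizeof frame;
}

int main(void)
{
    unsigned char le[4], be[4], sw[4];
    guard_bytes(0x00000aff, 1, le);  /* the thread's little-endian value */
    guard_bytes(0xff0a0000, 0, be);  /* the thread's big-endian value */
    guard_bytes(0x00000aff, 0, sw);  /* same constant without the #if */
    printf("LE: %02x %02x %02x %02x  BE: %02x %02x %02x %02x\n",
           le[0], le[1], le[2], le[3], be[0], be[1], be[2], be[3]);
    printf("off-by-one NUL caught: %d (as posted), %d (no #if)\n",
           overflow_detected(le, BUF_LEN), overflow_detected(sw, BUF_LEN));
    printf("unterminated read stops after %zu bytes\n", read_length(le));
    return 0;
}
```

Both constants produce the same in-memory sequence `ff 0a 00 00`, so the byte nearest the buffer is non-zero on either byte order and a stray NUL terminator changes it; without the `#if`, a big-endian layout would put a zero byte there and the same write would go unnoticed.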