Date: Sun, 30 Dec 2007 15:54:14 +0100 From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no> To: Anders Hanssen <anders@rethink.no> Cc: Gunther Mayer <gunther.mayer@googlemail.com>, freebsd-security@freebsd.org Subject: Re: ProPolice/SSP in 7.0 Message-ID: <86r6h4teqx.fsf@ds4.des.no> In-Reply-To: <47779402.7060105@rethink.no> (Anders Hanssen's message of "Sun\, 30 Dec 2007 13\:50\:10 %2B0100") References: <477277FF.30504@googlemail.com> <86myrvhht9.fsf@ds4.des.no> <20071227195833.154b41ae@kan.dnsalias.net> <4774EB0F.90103@googlemail.com> <20071228200428.J6052@odysseus.silby.com> <47779402.7060105@rethink.no>
next in thread | previous in thread | raw e-mail | index | archive | help
Anders Hanssen <anders@rethink.no> writes:
> A look at the generated code confirms it does not use ssp for overrun()
>
> void
> overrun(const char *str)
> {
> int x;
> char a[4];
> int y;
>
> strcpy(a, str);
> printf("hi");
> }
>
> # gcc -S -fstack-protector test.c
Use -fstack-protector-all instead.
> Anyway, I don't know why gcc fail to see that overrun() needs
> protection.
Because you didn't RTFM...
DES
--=20
Dag-Erling Sm=C3=B8rgrav - des@des.no
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86r6h4teqx.fsf>