Site Navigation

Date:      Sun, 30 Dec 2007 15:54:14 +0100
From:      =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no>
To:        Anders Hanssen <anders@rethink.no>
Cc:        Gunther Mayer <gunther.mayer@googlemail.com>, freebsd-security@freebsd.org
Subject:   Re: ProPolice/SSP in 7.0
Message-ID:  <86r6h4teqx.fsf@ds4.des.no>
In-Reply-To: <47779402.7060105@rethink.no> (Anders Hanssen's message of "Sun\,  30 Dec 2007 13\:50\:10 %2B0100")
References:  <477277FF.30504@googlemail.com> <86myrvhht9.fsf@ds4.des.no> <20071227195833.154b41ae@kan.dnsalias.net> <4774EB0F.90103@googlemail.com> <20071228200428.J6052@odysseus.silby.com> <47779402.7060105@rethink.no>

---

next in thread | previous in thread | raw e-mail | index | archive | help

---

Anders Hanssen <anders@rethink.no> writes:
> A look at the generated code confirms it does not use ssp for overrun()
>
> void
> overrun(const char *str)
> {
>     int x;
>     char a[4];
>     int y;
>
>     strcpy(a, str);
>     printf("hi");
> }
>
> # gcc -S -fstack-protector test.c

Use -fstack-protector-all instead.

> Anyway, I don't know why gcc fail to see that overrun() needs
> protection.

Because you didn't RTFM...

DES
-- 
Dag-Erling Smørgrav - des@des.no

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86r6h4teqx.fsf>

Legal Notices | © 1995-2025 The FreeBSD Project. All rights reserved.

Contact