Talk:Buffer overflow protection

"Gentoo Linux uses ProPolice according to gcc -v:" Wouldnt that be better put as "Gentoo will use the ssp patch for gcc by default" Since gentoo's packages arent binarys. Stack-Smashing_Protector puts it in a better way --2mcm 21:43, 3 May 2005 (UTC)[reply]

Also Propolice has changed it name to Stack-Smashing_Protector aka ssp --2mcm 21:43, 3 May 2005 (UTC)[reply]

It might be worth mentioning that any cannary based stack guard technique that only guards against overwriting the function return pointers will be incomplete in many cases. this is because these systems usually allow the saved frame pointer to be overwritten, this allows an attacker to, in effect, hijack the pointer to the stack used for the calling routine...to see more about how this is a serious security issue see the article on off-by-one overflows as the exploitation is essencially the same... --Michael Lynn 23:37, 20 March 2007 (UTC)[reply]

It looks fine to me. Graue 15:27, 23 May 2005 (UTC)[reply]

By merging various articles such as StackGaurd and StackGhost and most of the information from ProPolice into this, and moving things around and elaborating on them. Any thoughts? I'd like to also merge ProPolice into this and make it a redirect, but I'm not sure the two have equivalent information. -- Andyluciano 19 Aug 2005 05:24 (UTC)

Okay, they pretty much have equivalent information now. -- Andyluciano 19 Aug 2005 5:45 (UTC)

There are description of several FOSS implementations but nothing about the /GS (guardstack) option of microsoft compilers, I think it would be a worthy addition. Trou 21:39, 22 May 2007 (UTC)[reply]

The revision of 20:42, 3 August 2005 changed the value 13 to 3 with a justification that does not apply to the example. The example shows that there are 13 bytes from the address of "d" to the address of the "b". More than 3 but fewer than 13 written to "d" will corrupt "c" without overwriting the pointer "b". I changed this back to 13. 142.16.23.254 00:33, 11 August 2007 (UTC)[reply]