stack protector only aborts in 99.5%

Robert Connolly robert at linuxfromscratch.org
Sat May 10 15:53:27 PDT 2008


The test programs could be improved to exploit the overflow rather than crash 
the program.

The Libsafe test suite can also be used, and PaX's, to give you more diverse 
tests, and to check that Glibc is doing it's job. They're more clear about 
what is vulnerable and what is not.

robert

On Saturday May 10 2008 06:40:07 pm Robert Connolly wrote:
> I did notice that Glibc needs more to overflow than Libssp. NetBSD's tests
> for Libssp work as-is with GCC's Libssp, but for Glibc I needed to add
> several more characters to overflow the test programs. I never checked why,
> and have no idea why.
>
> robert


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <http://lists.linuxfromscratch.org/pipermail/hlfs-dev/attachments/20080510/41cf3817/attachment.sig>


More information about the hlfs-dev mailing list