Re: [Xen-devel] Unable to compile Xen-2.0
> SSP is Stack Smashing Protection - formerly ProPolice (see
> http://www.trl.ibm.com/projects/security/ssp/ for more info) and PIE is
> Position Independent Executable i.e. PIC for binaries. SSP modifies the
> C compiler to insert initialization code into functions that create a
> buffer in memory. At run time, when a buffer is created, SSP adds a
> secret random value, the canary, to the end of the buffer. When the
> function returns, SSP makes sure that the canary is still intact. If an
> attacker were to perform a buffer overflow, he would overwrite this
> value and trigger that stack smashing handler. Currently this kills the
> target process. (Descriptions borrowed from Gentoo Hardened Project
> http://www.gentoo.org/proj/en/hardened/) They provide an extra layer of
> security from attack on a server open to the world.

Does stock Linux work when compiled with SSP enabled? Sounds pretty scary to me...

Ian
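The canary check described in the quoted text, modelled by hand in C as an added example (not code from this thread, from Xen, or from the SSP patch). `struct frame`, `guard_init` and `guarded_copy` are hypothetical names; real SSP emits the equivalent in compiler-generated function entry and exit code and kills the process instead of returning an error.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* One protected frame: the guard sits directly after the buffer.
 * Hypothetical layout standing in for the compiler-arranged stack frame. */
struct frame {
    char      buf[16];
    uintptr_t canary;
};

static uintptr_t guard_value;               /* per-process secret */

/* Assumption: rand() is used only to keep the demo self-contained; a real
 * guard is seeded from a kernel entropy source. The low byte is kept zero
 * so the constructed all-'A' input below can never reproduce the guard. */
static void guard_init(void)
{
    guard_value = (uintptr_t)rand() << 8;
    if (guard_value == 0)
        guard_value = 0x100;
}

/* Returns 0 if the guard is intact after the copy, -1 if it was clobbered.
 * The copy trusts the caller's length instead of sizeof buf (the bug). It
 * is clamped to the struct only so the demo stays inside its own object. */
static int guarded_copy(const char *src, size_t n)
{
    struct frame f;
    f.canary = guard_value;                 /* entry: place the guard */

    if (n > sizeof f)
        n = sizeof f;
    memcpy((unsigned char *)&f, src, n);    /* body: length not checked against buf */

    return f.canary == guard_value ? 0 : -1; /* exit: verify the guard */
}

int main(void)
{
    char big[sizeof(struct frame)];
    memset(big, 'A', sizeof big);           /* constructed oversized input */
    guard_init();
    printf("short input: %s\n", guarded_copy("hello", 6) ? "guard clobbered" : "ok");
    printf("long input:  %s\n", guarded_copy(big, sizeof big) ? "guard clobbered" : "ok");
    return 0;
}
```
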