Talk:Stack Smashing Protector
Jump to navigation
Jump to search
Err...
I looked at the IBM page linked. It uses a random value for the whole guard, or the { 0, 0, '\n', 255 } sequence I changed the article to. No randomizing of only the 255. It doesn't explain anything about the "why", though, and if I see it correctly the page refers to a patch to GCC. We have no idea how GCC implements it internally in the current version. Some more information as to the significance of the { 0, 0, '\n', 255 } sequence would be nice. -- Solar 13:42, 2 July 2010 (UTC)
- [1]: "If no random numbers are available, the four bytes { 0, 0, "\n", 255 } are used. Most read-functions terminate when reading one of this values. So it's not possible to overwrite the stackframe pointer or the return address." -- Alfaomega08 03:53, 10 June 2012 (CDT)