Subject: Re: ssp and gcc-4.1
To: Jason Thorpe <thorpej@shagadelic.org>
From: Christos Zoulas <christos@zoulas.com>
List: tech-userlevel
Date: 11/07/2006 13:23:08
On Nov 7, 10:17am, thorpej@shagadelic.org (Jason Thorpe) wrote:
-- Subject: Re: ssp and gcc-4.1

| On Nov 7, 2006, at 10:13 AM, Christos Zoulas wrote:
| 
| > Because the caller function cannot pre-compute the amount of stack space
| > the callee is going to use in order to place the stack signature I think.
| 
| This sounds to me like it's just a deficiency in the implementation.   
| The run-time has all of the data necessary to make this calculation,  
| yes?  Seems pretty bogus that ssp requires it to be computed at  
| compile-time.

The caller doesn't since the callee can call alloca() with a number
of bytes determined at runtime. So the callee needs to communicate
to the caller where it placed the stack signature. The usefulness of
providing such calling convention is dubious because it adds a lot
of complexity and it opens the door for the person who writes
the exploit to use the same call to disable the checking for the
caller.

christos
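To make the alloca() point concrete, here is an added example (not from the thread) that measures how far a callee's frame extends below its frame base for an alloca() size chosen at run time; a caller cannot know that distance in advance, which is why the guard word has to be placed and checked by the callee itself. It assumes a GCC-compatible compiler (uses the __builtin_frame_address and __builtin_alloca builtins) and a stack that grows downward.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Distance, in bytes, from this function's frame base (next to the saved
 * frame pointer and return address, the region -fstack-protector guards)
 * down to the start of a block obtained from alloca().  The size n is only
 * known when the function runs, so no caller can precompute the frame's
 * extent or where inside it the callee keeps its guard.
 * Constructed demonstration: assumes GCC/Clang and a downward-growing stack
 * (x86-64, arm64, ...).  noinline keeps each call in its own frame. */
__attribute__((noinline))
size_t frame_extent_below_base(size_t n)
{
    volatile char *block = __builtin_alloca(n);   /* runtime-sized growth */
    block[0] = 0;                                 /* touch it so it stays */
    block[n - 1] = 0;
    uintptr_t base = (uintptr_t)__builtin_frame_address(0);
    uintptr_t low  = (uintptr_t)block;
    return (size_t)(base - low);
}

int main(void)
{
    size_t sizes[] = { 16, 256, 4096 };
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        printf("alloca(%4zu): frame extends %zu bytes below its base\n",
               sizes[i], frame_extent_below_base(sizes[i]));
    return 0;
}
```

The printed extent grows with the alloca() argument, showing that the callee's total frame size, and therefore the position of anything it stores relative to the return address, is decided inside the callee at run time.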