Current-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Stack Smash Protection disabled (was HEADS-UP: Stack Smash Protection enabled by default for amd64 and i386)



On Fri, Nov 13, 2009 at 08:20:57AM -0500, Steven Bellovin wrote:
 > > Note that quite a few packages break with SSP.
 > 
 > Hmm -- why?  Buffer overflows that haven't been exploited yet?

It's allergic to alloca(), and anything equivalent to alloca() like
variable-sized arrays on the stack.

-- 
David A. Holland
dholland%netbsd.org@localhost


Home | Main Index | Thread Index | Old Index