Thus spake Garance A Drosihn <[EMAIL PROTECTED]>: > I agree that random offsets will not buy much in the way of > security, but it might make some kinds of initialization errors > more obvious. I'm thinking of the kind of errors where a routine > forgets to initialize a key variable, but everything "seems to > work" because the routine happens to always pick up the same > value off the stack. By adding random offsets, the routine > *might* at least behave differently each time it's run.
Nondeterminism is nearly always a bad thing when debugging. Maybe random stack offsets would be a useful component in some sort of stress test, but I'm not sure I'd like to see such a feature used in production. As far as preventing buffer overflows goes, there are already enough ad hoc techniques like Stack Guard out there that only lessen the impact of a bug, and even then only sometimes. A much better approach is to develop better coding practices (better language features) and use static checking for legacy code. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
