Hi, Jakub, thanks!

The thing is that ssp-buffer-size controls the array-size limit, but we
also want to protect against attacks via struct/union, and other frame address
casting. One of the places I've wanted to have stack protector was in
routines that fill a structure from some binary input stream. In most
attacks this includes an array overflow, but I've seen weird code
where code is trying to be smart and fill a potentially variable-sized
structure (e.g. a union of possible structures), and just blasts the
stack with an unbound memcpy, even when those structures contain no
arrays. It's significantly more rare than the cases with arrays, but
these do need to be protected (for us).

-Han

On Fri, Dec 2, 2011 at 12:54 AM, Jakub Jelinek <ja...@redhat.com> wrote:
>
> On Tue, Nov 29, 2011 at 03:53:50PM -0800, Han Shen(沈涵) wrote:
> > Hi, I propose to add to gcc a new option regarding stack protector -
> > "-fstack-protector-strong", in addition to current gcc's
> > "-fstack-protector-all", which protects ALL functions, and
> > "-fstack-protector", which protects functions that have a big
> > (signed/unsigned) char array or have alloca called.
>
> Isn't -fstack-protector --param ssp-buffer-size=4 (or =2) enough for you?
>
>        Jakub

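The pattern described in the message above, shown next to a bounded version, as an added example that is not part of the original thread or of GCC. The record types, function names and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed record types (assumption): none contains an array. */
struct rec_small { uint32_t id; };
struct rec_large { uint32_t id; uint64_t offset; uint64_t length; };
union record { struct rec_small s; struct rec_large l; };

/* Pattern from the message: the copy length comes from the input stream and
 * is never bounded. The frame holds no array, so an array-size threshold
 * such as ssp-buffer-size has nothing to match on here. */
uint32_t parse_unbounded(const uint8_t *in, size_t in_len)
{
    union record r;
    memcpy(&r, in, in_len);   /* in_len may exceed sizeof r */
    return r.s.id;
}

/* Hardened form: accept only lengths equal to a known record size, so the
 * copy can never run past the union. Returns 0 on success, -1 on reject. */
int parse_bounded(const uint8_t *in, size_t in_len, union record *out)
{
    union record r;

    if (in == NULL || out == NULL)
        return -1;
    if (in_len != sizeof r.s && in_len != sizeof r.l)
        return -1;
    memset(&r, 0, sizeof r);
    memcpy(&r, in, in_len);
    *out = r;
    return 0;
}

int main(void)
{
    /* Constructed input: 64 bytes, larger than any record in the union. */
    uint8_t oversized[64] = {0};
    union record r;

    printf("oversized input: %d\n", parse_bounded(oversized, sizeof oversized, &r));
    printf("rec_large input: %d\n", parse_bounded(oversized, sizeof r.l, &r));
    return 0;
}
```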