Leslie Ann Ong wrote:
> Hi,
>
> I'm a student at Oregon Graduate Institute
> and am currently working on a project
> involving Mozilla.
>
> I need to modify some Mozilla source code
> (for project purposes, not for distribution
> of any kind) to enable it to handle plug-ins
> compiled using StackGuard.
>
> StackGuard is a gcc compiler enhancement to protect
> programs against stack smashing attacks. The
> StackGuard code generator produces programs that
> defend themselves against stack smashing attacks by doing
> integrity checks on the stack PRIOR to returning
> from function calls. It does this by inserting a canary
> word before the return address in a stack frame.
>
> Since Mozilla employs a custom interface for plug-ins,
> it won't be able to recognize stack frames with
> such a canary word inserted.
>
> I need to change some code in Mozilla so that it
> can recognize plug-ins compiled using StackGuard.
> I've browsed through the Mozilla code for almost
> 2 weeks now but still can't pinpoint where I should
> begin.
>
> I am wondering if you can help me know where to
> start.
>
> I really am looking forward to hearing from you.
>
> Thank you very much.
>
>
> Leslie Ann Ong
Neat idea. How do you tell if a specific shared library has been
compiled with StackGuard? In Mozilla's case each plugin is a shared
library. Actually, in the new world they are just components but it
still boils down to being a shared library.
--Chris
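
The canary check described in the quoted message, as an added example that is not part of the original thread and is not StackGuard's own code: a simulated frame in which a canary word sits before the return address and is compared prior to returning. The frame layout, the constant values and the function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simulated frame (constructed layout, not a real ABI frame): the local
   buffer sits at the lowest address, the canary word comes next, and the
   saved return address follows it. */
struct sim_frame {
    char      buf[16];
    uintptr_t canary;
    uintptr_t ret_addr;
};

#define SIM_CANARY ((uintptr_t)0x5A17C0DEu)  /* constructed sample value */
#define SIM_RET    ((uintptr_t)0x00401000u)  /* constructed sample value */

/* Models a copy with no bounds check on buf. The length is clamped to the
   simulated frame so the demo itself never writes outside one object. */
static void unchecked_copy(struct sim_frame *f, const void *src, size_t n)
{
    if (n > sizeof *f)
        n = sizeof *f;
    memcpy(f, src, n);
}

/* Runs one simulated call. Returns 0 if the function may return normally,
   -1 if the canary check fails. *ret_changed reports whether the saved
   return address was altered by the copy. */
int simulate_call(const void *input, size_t n, int *ret_changed)
{
    struct sim_frame f;
    memset(f.buf, 0, sizeof f.buf);
    f.canary = SIM_CANARY;              /* prologue: place the canary */
    f.ret_addr = SIM_RET;
    unchecked_copy(&f, input, n);       /* function body */
    *ret_changed = (f.ret_addr != SIM_RET);
    return f.canary == SIM_CANARY ? 0 : -1;  /* check PRIOR to returning */
}

int main(void)
{
    char in[sizeof(struct sim_frame)];
    int changed;
    memset(in, 'A', sizeof in);
    /* Exit status 0 when the full-frame overwrite is caught by the check. */
    return simulate_call(in, sizeof in, &changed) == -1 ? 0 : 1;
}
```

Because the copy runs upward from the buffer, it cannot reach the saved return address without first changing the canary word, which is what the check before return relies on.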