On Mon, Feb 16, 2009 at 09:00:33AM -0500, ArcSighter Elite wrote:
James Matthews wrote:
I would recommend doing the following things.
1. Ask on the Ubuntu GCC list what protection is implemented. (Or just look
at the source)
2. Use GCC to see where the execution is being redirected and
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
James Matthews wrote:
I would recommend doing the following things.
1. Ask on the Ubuntu GCC list what protection is implemented. (Or just look
at the source)
2. Use GCC to see where the execution is being redirected and so you can
have a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2009:037
http://www.mandriva.com/security/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2009:038
http://www.mandriva.com/security/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2009:039
http://www.mandriva.com/security/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2009:040
http://www.mandriva.com/security/
memset(buf, 'A', 528);
Don't do that. This sort of whoops is exactly what the gcc SSP canary is
designed to stop.
I could comment on this, but... I'll leave it.
I have googled my brains out for a solution, but all I have gathered is
that
my Ubuntu's gcc is compiled with SSP and