XCode 3 Supports Stack Canaries
XCode 3 Supports Stack Canaries
- Subject: XCode 3 Supports Stack Canaries
- From: "Michael Crawford" <email@hidden>
- Date: Mon, 3 Dec 2007 16:51:02 -0800
I thought I should point out a gcc feature that's new in XCode 3:
Stack Canaries. I learned about them just now in a discussion of
security on Slashdot. I don't recall them ever being mentioned in any
of the XCode release notes.
A Stack Canary is a bit of data with a known value that's added to a
stack frame when it's entered, and checked just before function
return. If the value has been changed, a message is printed and the
program exits.
This can protect against buffer overflow attacks on stack variables.
The name comes from the use of real canaries in mines to warn miners
of toxic gases; canaries are more sensitive to them than humans are,
so a passed-out canary can save lives.
To use Stack Canaries, add the -fstack-protector flag to your GCC
command line. In an XCode project, add that to your "other C flags"
or "Other C++ flags" in the build settings. See "man gcc" for more
information.
They are explained in detail at
http://en.wikipedia.org/wiki/Stack-smashing_protection
The article claims that they have a very minimal performance impact;
they'll add a small amount to function call overhead, but on today's
processors that would be quite miniscule.
One thing I'd like to see is a way to override the function that
prints the message and exits, so that one can show an alert instead,
and possibly try to save the user's document.
Enjoy!
Mike
--
Michael David Crawford
mdcrawford at gmail dot com
Enjoy my art, photography, music and writing at
http://www.geometricvisions.com/
--- Free Music Downloads ---
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Xcode-users mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden