ProPolice/SSP in 7.0

Dag-Erling Smørgrav des at des.no
Sun Dec 30 06:54:24 PST 2007


Anders Hanssen <anders at rethink.no> writes:
> A look at the generated code confirms it does not use ssp for overrun()
>
> void
> overrun(const char *str)
> {
>     int x;
>     char a[4];
>     int y;
>
>     strcpy(a, str);
>     printf("hi");
> }
>
> # gcc -S -fstack-protector test.c

Use -fstack-protector-all instead.

> Anyway, I don't know why gcc fails to see that overrun() needs
> protection.

Because you didn't RTFM...

DES
-- 
Dag-Erling Smørgrav - des at des.no

