ProPolice/SSP (Fantastic Japanese Stuff)



A typical stack frame...

Random value is inserted here by function
prologue ...
         ... and checked by function epilogue

Reordering:  Arrays (strings) placed closer
to random value -- integers and pointers
placed further away


-fstack-protector-all compiled system is 1.3% slower at make build

We have found *NOTHING* which breaks as a result of ProPolice
(well we found a few things, but they were exploitable.....)

BENEFITS SECURITY:	Finds bugs and makes them unexploitable
VERY LOW COST:	Every vendor should use it