Factbites
 Where results make sense
About us   |   Why use us?   |   Reviews   |   PR   |   Contact us  

Topic: ProPolice


Related Topics

In the News (Thu 26 Nov 09)

  
  Stack-smashing protection - Wikipedia, the free encyclopedia
Typically, stack-smashing protection modifies the organization of data in the stack frame of a function call to include a "canary" value which, when destroyed, shows that a buffer preceding it in memory has been overflowed.
Under OpenBSD, ProPolice is enabled by default, and the -fno-stack-protector flag disables it.
Stack-smashing protection is a change to the compiler; and as such, it is possible for the protection to alter the structure of the data on the stack frame.
en.wikipedia.org /wiki/ProPolice   (1771 words)

  
 blackant.net: other: docs: benchmarks: propolice on openbsd
OpenBSD 3.1-release, 3.2-release, 3.3-current (20030508 snapshot), and 3.3-current (same snapshot) with a propolice enabled kernel (from 20030513 cvs) were installed on two machines: an Athlon XP and a Pentium 166.
The overall difference between 3.2 and 3.3 (sans propolice kernel) is 4.7% on the athlon and 9.3% on the pentium.
The overall difference between current with and without propolice kernels is 2% on the athlon and 0.7% on the pentium.
www.blackant.net /other/docs/benchmarks/propolice.php   (699 words)

  
 ONLamp.com: An Interview with OpenBSD's Marc Espie
During compilation, ProPolice detects such buffers, and adds code that inserts a so-called "canary" beyond the end of the buffer (the canary image is a mining analogy.
ProPolice has found tons of bugs in various programs that shipped with the system.
Add ProPolice, and suddenly you're sending gcc through some dark venues that have seen less attention, and all of a sudden you are fixing actual, genuine bugs in gcc.
www.onlamp.com /pub/a/bsd/2004/03/18/marc_espie.html   (1665 words)

  
 Security focused operating system - Wikipedia, the free encyclopedia
It employs a PaX and ProPolice protected base, and utilizes the RSBAC Mandatory access control system.
The Hardened Gentoo project is an extremely modular project, and also provides subprojects to integrate other intrusion-detection and Mandatory access control systems into Gentoo.
All of these can be optionally installed in any combination, with or without PaX and a ProPolice base.
en.wikipedia.org /wiki/Security_focused_operating_system   (611 words)

  
 Stack smash protection bei eLexi - das Onlinelexikon   (Site not responding. Last check: 2007-10-08)
A stack smash attack is a type of attack based on a buffer overflow which raises serious computer security vulnerabilities.
StackGuard is suggested for implementation in gcc according to the GCC 2003 Summit Proceedings and http://immunix.org/stackguard.html; however, gcc uses neither StackGuard nor ProPolice as of 3.3.3.
ProPolice is implemented for gcc as a patch, up to gcc version 3.4.0.
www.elexi.de /en/s/st/stack_smash_protection.html   (1212 words)

  
 [No title]   (Site not responding. Last check: 2007-10-08)
Propolice is a patch against the gnu compiler chain.
ProPolice protects the return address on the stack from being overwritten, with minimal time and space overhead.
It does nothing to protect the heap, and ProPolice does not protect functions containing arrays of length 7 or less.
www.jvds.com /wiki/database/ProPolice   (231 words)

  
 Re: Buffer overflow prevention
If you found bugs with ProPolice and not with StackGuard, that means only that you tried with ProPolice, and did not try with StackGuard.
ProPolice does not protect functions containing arrays of length 7 or less.
OTOH, I like the variable sorting hack in ProPolice, and thought about implementing it, but chose instead to concentrate on PointGuard, which protects all of the cases that ProPolice variable sorting protects, and then some.
lists.virus.org /bugtraq-0308/msg00282.html   (653 words)

  
 GHC and GCC 3.3.1   (Site not responding. Last check: 2007-10-08)
Propolice was broken at first, and is now working on x86/OpenBSD.
On sparc/OpenBSD you must disable propolice code by inserting into your mk/build.mk:
    SRC_CC_OPTS+=-fno-stack-protector
    SRC_HC_OPTS+=-optc-fno-stack-protector
Or use whatever the gcc flag on your system is. It is unsurprising that propolice, at least at first, breaks GHC, considering the stack/variable mangling it does.
Note, you won't get propolice support in your code if you compile via the native code generator, too.
www.haskell.org /pipermail/cvs-ghc/2003-October/018867.html   (180 words)

  
 X.Org - ProPolice
ProPolice is a stack smashing protector developed by IBM and based on StackGuard.
The stack protection provided by ProPolice is specifically for the C and C++ languages.
ProPolice is currently used by OpenBSD, DragonFly BSD and IPCop.
xorg.freedesktop.org /wiki/ProPolice   (129 words)

  
 Hungarian Unix Portal - Propolice support in the Linux kernel
According to Ulrich Drepper, the Propolice gcc patches are rather unstable.
Most Linux kernel bugs are indeed no longer of the buffer overflow kind, and moreover Propolice does not protect against all buffer overflow attacks, only the stack-based ones, and among those only linear overflows.
Of course, it may not be this but only something similar, but I am sure that I read the word propolice in the Adamantix description, and it is also certain that this whatever-it-is, together with PaX, already protects nicely against such overflow bugs.
portal.fsn.hu /modules.php?name=News&file=article&sid=7842   (688 words)

  
 OpenBSD: Stack-Smashing Protection   (Site not responding. Last check: 2007-10-08)
OpenBSD creator Theo de Raadt [interview] announced that propolice, the "stack-smashing protector" has been merged into the OpenBSD kernel.
It is now simply referred to as the "stack-smashing protector", being a highly portable GCC extension that 1) reorders variables to prevent pointer corruption, and 2) inserts protection code into an application at compilation time to detect buffer overflows, preventing such bugs from being exploited.
Propolice relies on a random guard variable that is unknown to an attacker,
kerneltrap.org /node.php?id=516   (1407 words)

  
 propolice hint
Moved propolice back to its own hint :\ New optional features from IBM to use gentoo's glibc technology.
PREREQUISITES: LFS-5.0
HINT:
Context: Introduction, ProPolice in Glibc vs GCC, CFLAGS and ProPolice, ProPolice bugs, Libsafe, Downloads, Installation, Testing, Feedback, Acknowledgments.
Introduction: ProPolice Smashing Stack Protector - The good news: Based on StackGuard, ProPolice was developed by IBM for protecting applications from stack smashing attacks.
This is the single largest class of attacks and many hope ProPolice will find its way into the mainstream GCC and become the default smash guard.
www.linuxfromscratch.org /pipermail/hints/2003-December/002306.html   (1714 words)

  
 Stack-Smashing Protector - TheBestLinks.com - ProPolice, Buffer overflow, GNU Compiler Collection, IBM, ...   (Site not responding. Last check: 2007-10-08)
ProPolice, Stack-Smashing Protector, Buffer overflow, GNU Compiler Collection...
The Stack-Smashing Protector (sometimes called SSP, formerly known as ProPolice) is an extension to the GNU Compiler Collection that helps mitigate the damage that can be done by buffer overflow based attacks.
The Stack-Smashing Protector was originally written, and is still maintained, by Hiroaki Etoh, of IBM.
www.thebestlinks.com /ProPolice.html   (200 words)

  
 bsdforums.org - FreeBSD, OpenBSD, NetBSD, MacOS X, Darwin, Linux, BSD Unix forums, message boards, discussions and ...
Propolice, W^X/NX, code audits, Priv Sep, Priv Dropping, chroot/jails are all techniques that an OS can use to lower the potential of being exploited.
Firefox is compiled with propolice on amd64 and sparc64.
OpenBSD is also working on getting propolice working with kde, and all of the other software that isn't compiled with propolice.
www.bsdforums.org /forums/showthread.php?threadid=20768   (1508 words)

  
 DragonFly BSD Digest: Comment on gcc3 and propolice   (Site not responding. Last check: 2007-10-08)
Too bad ProPolice isn't being integrated into GCC so that more people would benefit from it.
The neat thing about both OpenBSD and (now) DragonFly is that ProPolice is enabled by default, and Gentoo is more of a meta-distribution designed to allow one to build it any way they like; meaning no default *anything*.
Please correct me if I'm wrong on this point, but I do not believe that ProPolice is enabled out of the box on Gentoo, and I really don't care to spend the few hours it'll take me to read the massive amounts of documentation required for me to install it myself just to check.
www.shiningsilence.com /cgi-bin/mt/mt-comments.cgi?entry_id=338   (232 words)

  
 Gentoo Forums :: View topic - Secure your system from buffer overflows with propolice..
Secure your system from buffer overflows with propolice..
ProPolice is a GCC patch that adds protection code to all C and C++ programs that prevents buffer overflow attacks.
I haven't done it yet, because my server is colocated and if messing with the kernel leads to it not booting, I can't drop in a CD and fix it.
forums.gentoo.org /viewtopic-p-677860.html?sid=b28b8b471804bd5983006a018f052cf7   (441 words)

  
 Re: Buffer overflow prevention
> IMHO the ProPolice (http://www.research.ibm.com/trl/projects/security/ssp/),
> is the best protection in this kind, even comparing to "two stack"
> approach.
Propolice also doesn't give any protection against heap overflows.
So the best protection is probably Propolice + non exec stack + write xor executable pages.
lists.virus.org /bugtraq-0308/msg00176.html   (215 words)

  
 Gentoo Forums :: View topic - ProPolice enabled Gentoo (stack-smashing protection)
I do have a fully working ProPolice protected system running at the moment, so there is definitely potential.
You type emerge propolice and it downloads the patch and applies it to gcc.
2) propolice, patched in by default, if you want to use it once you have this version of gcc use -fstack-protector.
forums.gentoo.org /viewtopic.php?t=33614   (1477 words)

  
 LinuxPackages: View
This is the g77 package of the GNU Compiler suite with Propolice Stackguard Protection.
Propolice is a GCC extension for protecting applications from stack-smashing attacks.
Applications written in C will be protected by the method that automatically inserts protection code into an application at compilation time.
www.linuxpackages.net /pkg_details.php?id=6296   (155 words)

  
 Gmane -- Mail To News And Back Again
The original thread is available at I've implemented a ProPolice patched gcc ebuild.
The script requires apache to be merged to run, but after it has been installed, you can feel free to unmerge the old non-chrooted apache.
This doesn't require ProPolice, but it runs fine being built with the stack protection if you're interested in trying.
article.gmane.org /gmane.linux.gentoo.devel/6984   (359 words)

  
 propolice.txt
PREREQUISITES: LFS-5.0
HINT:
Context: Introduction, ProPolice in Glibc vs GCC, CFLAGS and ProPolice, ProPolice bugs, Hardened GCC, Libsafe, Downloads, Installation, Testing, Feedback, Acknowledgments.
Introduction: This whole hint is experimental.
ProPolice Smashing Stack Protector - The good news: Based on StackGuard, ProPolice was developed by IBM for protecting applications from stack smashing attacks.
Until this is fixed I do not recommend building binutils with propolice.
www.linuxfromscratch.org /pipermail/hints/2004-January/002309.html   (2008 words)

  
 bsdforums.org - FreeBSD, OpenBSD, NetBSD, MacOS X, Darwin, Linux, BSD Unix forums, message boards, discussions and ...   (Site not responding. Last check: 2007-10-08)
Enhancements include implementing POSIX PROT_EXEC directive, ensuring that pages are not writeable and executable simultaneously in memory, and propolice, which makes it harder to overflow buffer variables.
Propolice is, as I like to describe it, "StackGuard on steroids".
Propolice is machine independent, running on most of our
www.bsdforums.org /forums/showthread.php?s=&threadid=6465   (787 words)

  
 ProPolice   (Site not responding. Last check: 2007-10-08)
Hiroaki Etoh's ProPolice is a modification to the GNU C compiler that places a random canary between any stack allocated character buffers and the return pointer [5].
It then validates that the canary has not been dirtied by an overflowed buffer before the function returns.
ProPolice can also reorder local variables to protect local pointers from being overwritten in a buffer overflow.
www.usenix.org /events/sec01/full_papers/frantzen/frantzen_html/node30.html   (62 words)

  
 2000/freebsd-security/20001119.freebsd-security
Nov 16 Warner Losh Re: FYI: Propolice for gcc-2.95.2 38.
Nov 16 Warner Losh Re: FYI: Propolice for gcc-2.95.2 39.
Nov 17 Trevor Johnson Re: FYI: Propolice for gcc-2.95.2 43.
docs.freebsd.org /mail/archive/2000/freebsd-security/20001119.freebsd-security.html   (1130 words)

  
 [No title]
ProPolice is a GCC extension for protecting from stack-smashing attacks.
However, ProPolice does not catch all possible overflows, and there are still some cases that will get through the stack-smashing protection code.
All you need to do at this point is be sure to use the gcc-3.2.3-r1 ebuild (you will need to unmask it, also remember it is in the unstable branch), and add -fstack-protector to your CFLAGS in /etc/make.conf.
www.d-axel.dk /pub/mydesk/Stack-Protector.txt   (1068 words)

  
 Gentoo Linux Documentation --   (Site not responding. Last check: 2007-10-08)
While hardened-gcc serves as an umbrella package for modifications other than etdyn userland compilation too (see the propolice section of the gentoo-hardened project), it serves mainly as a trigger package to start the transparent conversion of a system into etdyn userland binaries.
Other than the approach taken by Adamantix, this specs file is the only point where the etdyn building logic is introduced to the existing packages without changing the packages in case of proper compilation.
Make sure you add and activate the propolice patch by frogger to a kernel if you want to compile it with transparent propolice and etdyn, otherwise disable hardened-gcc temporarily during the kernel compile.
www.gentoo.org /proj/en/hardened/etdyn-ssp.xml   (645 words)

  
 MySQL Bugs: #1442: Stack Overflow in check_connection()
It's a bug in propolice - IBM stack overflow protector that is enabled in OpenBSD by default.
ProPolice was fixed by the authors in the meanwhile - we can close this bug now.
bugs.mysql.com /bug.php?id=1442   (97 words)

  
 ipedia.com: Buffer overflow Article   (Site not responding. Last check: 2007-10-08)
Systems such as StackGuard and ProPolice provide protection against the most common techniques for exploiting buffer overflows by checking that the stack has not been altered when a function returns.
When a stack smash is triggered, SSP will detect it, and then exit the program with a segmentation fault.
In ProPolice patched versions of gcc, the -fstack-protector and -fstack-protector-all switches for gcc compile code to include a few references to __guard@glibc and __stack_smash_handler@glibc around stack based buffers.
www.ipedia.com /buffer_overflow.html   (1071 words)

  
 Re: propolice   (Site not responding. Last check: 2007-10-08)
> Fine, but why add an insecure/ineffective feature if you've changed
> your mind?)
Nothing at the time was sufficient to the task.
Go read the damn propolice paper, and see what existed at the time.
I'll give you a hint: All the world is an i386.
www.monkey.org /openbsd/archive/misc/0212/msg00078.html   (88 words)

  
 Citations: GCC extension for protecting applications from stack-smashing attacks - Etoh (ResearchIndex)   (Site not responding. Last check: 2007-10-08)
3.5.1 The ProPolice Concept: Etoh's and Yoda's GCC patch ProPolice borrows the main idea from StackGuard (see section 3.3) they use canary values to detect attacks on the stack.
The novelty is the protection of stack allocated variables by rearranging the local variables so that char buffers....
ProPolice can also reorder local variables to protect local pointers from being overwritten in a buffer overflow.
citeseer.ist.psu.edu /context/1751190/0   (451 words)

Copyright © 2005-2007 www.factbites.com Usage implies agreement with terms.