This is the mail archive of the
mailing list for the glibc project.
randomized stack protector value
- From: Kees Cook <kees at canonical dot com>
- To: libc-alpha at sourceware dot org
- Date: Wed, 1 Oct 2008 13:11:16 -0700
- Subject: randomized stack protector value
I recently found Jakub Jelinek's excellent randomization patch
for glibc's stack protection value (see _dl_setup_stack_chk_guard).
This method is preferred over --enable-stackguard-randomization which
opens /dev/urandom on every exec (which is considered to be too expensive
for general use).

I'd like to see this "good enough randomization" option in mainline glibc,
but I could not find any discussion of it (though there is reference to
the feature existing).

What would be needed to help get this approved?

Ubuntu Security Team