- see implementation note and also supported platforms.
- For logging and protection with random canary
Programs compiled with it will have a dependence on
/dev/log and /dev/urandom. Any programs compiled with
it that are chroot'ed will need to take this into
account. /dev/log can be added by use of the -a argument to
syslogd and /dev/urandom can be re-created using
mknod /[chroot_path]/dev/urandom c 1 9.
- Protect what?
more than N length array of 'char', 'unsigned char', 'signed char', and its derivatives used as a local variable and a function argument.
- Why N is seven?
N is the experimental constant, and it is seven. I examined every program used in RedHat Linux 6.2 how many strings are declared and what is the size.
I remember the ratio of the existence of less than 8 characters of string is small (10-20%, sorry I forgot the exact figure).
I think, even if N is one, the overhead of protected instruments is not increased so much.
- add protection environment (March 12, 2003)
- add protected data type (Februray 17, 2003)