Articles with tag: Gcc
POSTED BY: Dimitrios Glynos / 19.10.2018

Program Instrumentation with and without Source Code (FOSSCOMM 2018)

CENSUS was one of the sponsors of FOSSCOMM 2018, the annual free and open source communities conference, that took place this year in Heraklion, Crete. CENSUS participated in the conference with a two part presentation on Program Instrumentation.

POSTED BY: Dimitrios Glynos / 21.01.2009

Static SSP canary in Debian libc6

Affected Products:All SSP-armoured applications, statically or dynamically linked against the libc6 library (versions ≤ 2.7) provided by the Debian GNU/Linux project.
Class:Degraded performance of security mechanism due to misconfiguration.
Discovered by:Dimitris Glynos

We have found that Debian packages of the GNU libc library (versions prior to and including 2.7) provide a static (i.e. guessable) canary value to all applications armoured with the gcc SSP mechanism.