Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
sys/ssp: use a random value as the canary
This implements the randomization of canary values on each build as mentioned in the comment above the STACK_CHK_GUARD macro. Since the build system generates a new canary for each build, i.e. riotbuild.h is modified, the entire code is rebuild on each make invocation. This is strictly necessary as otherwise some object files may still use the old canary value. Implementing this properly would require generating a cryptographically secure random value on each boot of the RIOT operating system. This is not deemed possible on some constrained devices, e.g. due to lack of hardware random number generators. Besides, RIOT only seems to support a PRNG (random module) currently. While this may be implemented in the future for some devices the changes implemented in this commit may still be used as a fallback then.
- Loading branch information