Propolice stack overflow protection in OpenBSD
a day ago
- #OpenBSD
- #Compiler Security
- #Stack Protection
- Propolice was a compiler patch developed by Hiroaki Etoh at IBM Technical Research Labs in Japan to mitigate stack smashing attacks by reordering local variables and adding stack canaries.
- Initially inspired by StackGuard, Propolice improved upon it by being portable across different architectures and operating on GCC's internal representation (RTL).
- Despite initial resistance from GCC developers, Propolice gained traction after being adopted by OpenBSD in 2002, following extensive testing and fixes across multiple architectures.
- OpenBSD integrated Propolice into its compiler by default, making it the first operating system to widely deploy stack protection across its userland.
- Propolice's success led to its adoption by other projects, including Linux distributions like Gentoo, and influenced the development of similar protections in GCC 4.1.
- The legacy of Propolice lives on in modern compilers, where stack protection mechanisms are now standard, making software more resilient against exploitation.