Canary value: Difference between revisions

From Citizendium
Jump to navigation Jump to search
imported>Sandy Harris
No edit summary
mNo edit summary
 
(One intermediate revision by one other user not shown)
Line 1: Line 1:
{{subpages}}
{{PropDel}}<br><br>{{subpages}}


In [[computer science]], and in particular [[computer security]] and [[code generation]], the use of '''canary values''' is a strategy to detect [[buffer overflow attacks]] at run time, without requiring the programmer to modify any source code.  Implemented within a [[compiler]], canary values modify a program's [[stack frame]] to detect---but not prevent---buffer overflow attacks, imposing a worst case behavior for the system under attack.  Notable examples of canary value systems are StackGuard and ProPolice.
In [[computer science]], and in particular [[computer security]] and [[code generation]], the use of '''canary values''' is a strategy to detect [[buffer overflow attacks]] at run time, without requiring the programmer to modify any source code.  Implemented within a [[compiler]], canary values modify a program's [[stack frame]] to detect---but not prevent---buffer overflow attacks, imposing a worst case behavior for the system under attack.  Notable examples of canary value systems are StackGuard and ProPolice.
Line 33: Line 33:


==References==
==References==
<references/>
<references/>[[Category:Suggestion Bot Tag]]

Latest revision as of 11:01, 24 July 2024

This article may be deleted soon.
To oppose or discuss a nomination, please go to CZ:Proposed for deletion and follow the instructions.

For the monthly nomination lists, see
Category:Articles for deletion.


In computer science, and in particular computer security and code generation, the use of canary values is a strategy to detect buffer overflow attacks at run time, without requiring the programmer to modify any source code. Implemented within a compiler, canary values modify a program's stack frame to detect---but not prevent---buffer overflow attacks, imposing a worst case behavior for the system under attack. Notable examples of canary value systems are StackGuard and ProPolice.

The method is simple. The compiler generates additional instructions, so that the function prologue will add a so-called canary value to the stack frame between the return address and the local variables. This canary value is a random number chosen when the program begins. Then, additional instructions are inserted into the function epilogue which check the canary value, as it appears in the stack frame. If incorrect, the new instructions cause the program to go into a fail-safe mode (usually immediate termination), as to control the program's worst-case behavior while under attack. Canary values can work, because most stack smashing attacks which successfully overwrites the return address will also overwrite the canary value, and it is unlikely that the attacker will be able to guess the canary value. [1]

At least four attacks have been developed against this sort of protection. [2]

The name "Canary value" is taken from a common practice during the history of mining operations. A canary was brought into the mine by miners while work is being done, and if the canary stops singing or dies (presumably because of something dangerous in the air such as a poisonous gas) the miners know to get out of the mine before they breathe too much of whatever happened to kill the canary.[3]

See Also


References