Check out the new USENIX Web site. next up previous
Next: Unaffected Exploits Up: Limitations Previous: Debuggers

Granularity

The current implementation of StackGhost protects each userland process on the system. It may be desireable to selectively protect processes deemed to be ``at risk.'' Setuid, setgid and otherwise privileged processe are the likely candidates for automatic coverage. The XOR cookie mechanisms of StackGhost may disable coverage by using a NULL cookie since XORing any number with zero is the equivalent of adding by zero - no effect.



2001-05-12