ProPolice/SSP (Fantastic Japanese Stuff)


gcc modification which catches most common stack-smashing
problems

http://www.trl.ibm.com/projects/security/ssp/

Compiler instruments generated code for each function:
Prologue stores a random value (canary) on the stack
Function Epilogue aborts if value has changed

Integrated into OpenBSD in December 2002
gcc with ProPolice -- equal quality to gcc without ProPolice
ProPolice protects better than alternatives: StackGuard
    www1.corest.com/files/files/11/StackguardPaper.pdf

Enabled for all architectures except hppa