> Cool stuff. The downside is that this probably kills doing
> backtraces, making debugging stuff hard. Unless this also changes the
> DWARF debugging information to reflect the xor operation. But I'm not
> sure that's possible.

I think it is possible, but some help is probably needed in gdb.

> Having a "constant" (per process) cookie would make things easier for
> debuggers, but also weaken the mechanism. It might be possible to
> have the kernel initialize such a cookie in the TIB (thread
> information block) that is used for fast access to thread-local
> variables.

Pointless effort I think. We already have something very similar to that, which is -fstack-protector-all. It isn't an SP modification but a cookie placement, but it doesn't gain any perturbative advantage from the SP ASLR.
