= ProPolice =

'''ProPolice''' is a stack smashing protector developed by '''IBM''' and based on '''StackGuard'''.

It is a patchset for gcc designed to protect compiled applications from attacks which manipulate the stack (ie, '''buffer-overruns''').

ProPolice will add the following options to gcc:

{{{
    -fstack-protector        : Enable stack protection for functions which contain
                               character arrays.

    -fno-stack-protector     : Disable use of stack protection (ProPolice).

    -fstack-protector-all    : Enable stack protection for all functions.

    -fno-stack-protector-all : Disables stack protection for all functions.
}}}

The stack protection provided by ProPolice is specifically for the C and C++ languages.

ProPolice is currently used by OpenBSD, DragonFly BSD and IPCop.  It is also optionally available in Gentoo Linux with the {{{hardened}}} '''USE''' flag.

= See Also: =

  '''IBM's Page:'''      http://www.research.ibm.com/trl/projects/security/ssp/ <<BR>>
  '''Hardened Gentoo:''' http://www.gentoo.org/proj/en/hardened/ <<BR>>
  '''OpenBSD:'''         http://www.openbsd.org <<BR>>
  '''WikiPedia Page:'''  http://en.wikipedia.org/wiki/ProPolice