ProPolice/SSP (Fantastic Japanese Stuff) A typical stack frame... Random value is inserted here by function prologue ... ... and checked by function epilogue Reordering: Arrays (strings) placed closer to random value -- integers and pointers placed further away -fstack-protector-all compiled system is 1.3% slower at make build We have found *NOTHING* which breaks as a result of ProPolice (well we found a few things, but they were exploitable.....) BENEFITS SECURITY: Finds bugs and makes them unexploitable VERY LOW COST: Every vendor should use it