Journal of Beijing University of Posts and Telecommunications

  • EI core journal

JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM ›› 2017, Vol. 40 ›› Issue (s1): 122-125,129. doi: 10.13190/j.jbupt.2017.s.027


Analysis of SSP Security Based on Canary Reuse

LIU Song, QIN Xiao-jun, GAN Shui-tao, JIANG Hai-bo   

  1. Jiangnan Institute of Computing Technology, Jiangsu Wuxi 214083, China
  • Received: 2016-05-30 Online: 2017-09-28 Published: 2017-09-28

Abstract: The stack smashing protector (SSP) is the most effective security mechanism for mitigating stack buffer overflow vulnerabilities; it guarantees that the stack is unmodified by generating random numbers. At present, the main technique for bypassing the SSP mechanism is based on brute-force attack. This paper presents a security defect model that can reveal the random number. Because the operating system does not clear dead stack frames in time, the random number remains in the invalid space; the bypass that leverages this characteristic is called a canary reuse attack. Experiments prove the usability and stability of this security model. Based on this feature, two effective solutions are proposed.

Key words: stack smashing protector, canary reuse, Linux random number, stack buffer overflow
