StackGhost: Protecting the return address -- when in memory So the SPILL & FILL handlers save and restore stack frames to and from memory... ... making buffer overflow attacks possible on sparc/sparc64 StackGhost changes the SPILL & FILL handlers: XOR the in-register copy of %i7 with a per-process random number ("wcookie") when transferring to/from memory wcookie is selected randomly at process startup time Was held up by lack of GDB support, but enabled in OpenBSD 3.6 Might be feasable on other register window architectures: ia64 (amd29k - which i bet noone in this room knows)