I'm reading a document showing ways of safe coding named terminator canary. The terminator canary means a piece of padding into function stack frame preventing maliciously overwriting the return address on stack. The terminator canary act as a safe band, hard to compute the size or to know where is the return address for attackers, whatever, as my understanding, may not accurate.
After the doc, there's a test, in which one true-or-false question is as below:
"The source of entropy for a terminator canary can be attacked"
My question is:
I have no idea what "The source of entropy for sth." and the question means.
The canary is typically a random value placed before the return address on the stack. A buffer overrun that reaches to and overwrites the return address, would also override the canary. The compiler inserts a check, right before returning from the function, that the canary is unmodified, that it still contains the original random value. If it has been modified, the check usually terminates the process (rather than jumping to a compromised return address and giving control to the attacker).
In information theory, "enthropy" is, roughly, another term for "randomness". The source of enthropy is basically the random number generator - in this context, one that is used to set up the canary. If the attacker can predict the random values produced by that generator, then it can arrange its buffer overrun to keep the canary intact, thus bypassing the safety check.