On a iPhone 5c that is jailbroken at iOS 7.1.1 it is easily possible to see that the stack canary of iOS 7.1.1 is still not protected against local attacks as disclosed during SyScan 2013 in April 2013 http://antid0te.com/syscan_2013/SyScan2013_Mountain_Lion_iOS_Vulnerabilities_Garage_Sale_Whitepaper.pdf .
In the context of iOS this might be useful for persitence/untether hacks.

Yours,
Stefan Esser

iPhone:~ root# uname -a
Darwin iPhone 14.0.0 Darwin Kernel Version 14.0.0: Fri Mar 28 21:15:11 PDT 2014; root:xnu-2423.10.70~1/RELEASE_ARM_S5L8950X iPhone5,4 arm N49AP Darwin
iPhone:~ root# sysctl kern.osversion
kern.osversion: 11D201
iPhone:~ root# mkdir stack_guard=0x55446677        
iPhone:~ root# ln -sf ../appledump stack_guard\=0x55446677/link 
iPhone:~ root# stack_guard\=0x55446677/link 
string(0): 
string(1): 
string(2): stack_guard=0x0b004be3aceda6a7
string(3): 


__stack_chk_guard: 0000000055446677

-----------
appledump.c
-----------
extern long __stack_chk_guard[8];
 
int main(int argc, char **argv, char **envp, char **apple)
{
 int i;
 for (i=0; apple[i]; i++) {
 printf("string(%u): %s\n", i, apple[i]);
 }
 
 printf("\n\n__stack_chk_guard: %016lx\n", *(long *)__stack_chk_guard);
}