Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Buffer overflow protection
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
==={{Anchor|STACKGUARD|PROPOLICE}}GNU Compiler Collection (GCC)=== Stack-smashing protection was first implemented by ''StackGuard'' in 1997, and published at the 1998 [[USENIX Security Symposium]].<ref>{{cite web|url=http://www.usenix.org/publications/library/proceedings/sec98/full_papers/cowan/cowan_html/cowan.html |title=Papers - 7th USENIX Security Symposium, 1998 |publisher=Usenix.org |date=2002-04-12 |access-date=2014-04-27}}</ref> StackGuard was introduced as a set of patches to the Intel x86 backend of [[GNU Compiler Collection|GCC]] 2.7. StackGuard was maintained for the [[Immunix]] Linux distribution from 1998 to 2003, and was extended with implementations for terminator, random and random XOR canaries. StackGuard was suggested for inclusion in GCC 3.x at the GCC 2003 Summit Proceedings,<ref>{{cite web|url=http://www.linux.org.uk/~ajh/gcc/gccsummit-2003-proceedings.pdf |title=Proceedings of the GCC Developers Summit |date=May 2003 |access-date=2016-09-17 |url-status=bot: unknown |archive-url=https://web.archive.org/web/20040715225038/http://www.linux.org.uk/~ajh/gcc/gccsummit-2003-proceedings.pdf |archive-date=2004-07-15 }}</ref> but this was never achieved. From 2001 to 2005, [[IBM]] developed GCC patches for stack-smashing protection, known as ''ProPolice''.<ref>{{cite web|url=http://www.research.ibm.com/trl/projects/security/ssp/ |title=GCC extension for protecting applications from stack-smashing attacks |publisher=Research.ibm.com |access-date=2014-04-27}}</ref> It improved on the idea of StackGuard by placing buffers after local pointers and function arguments in the stack frame. This helped avoid the corruption of pointers, preventing access to arbitrary memory locations. [[Red Hat]] engineers identified problems with ProPolice though, and in 2005 re-implemented stack-smashing protection for inclusion in GCC 4.1.<ref>{{cite web|url=https://gcc.gnu.org/gcc-4.1/changes.html |title=GCC 4.1 Release Series β Changes, New Features, and Fixes - GNU Project - Free Software Foundation (FSF) |publisher=Gcc.gnu.org |access-date=2014-04-27}}</ref><ref>{{cite web|url=https://gcc.gnu.org/ml/gcc-patches/2005-05/msg01193.html |title=Richard Henderson - [rfc] reimplementation of ibm stack-smashing protector |publisher=Gcc.gnu.org |access-date=2014-04-27}}</ref> This work introduced the <kbd>-fstack-protector</kbd> flag, which protects only some vulnerable functions, and the <kbd>-fstack-protector-all</kbd> flag, which protects all functions whether they need it or not.<ref>{{cite web|url=https://gcc.gnu.org/onlinedocs/gcc-4.8.1/gcc/Optimize-Options.html#Optimize-Options |title=Optimize Options - Using the GNU Compiler Collection (GCC) |publisher=Gcc.gnu.org |access-date=2014-04-27}}</ref> In 2012, [[Google]] engineers implemented the <kbd>-fstack-protector-strong</kbd> flag to strike a better balance between security and performance.<ref>{{cite web|url=https://gcc.gnu.org/ml/gcc-patches/2012-06/msg00974.html |title=Han Shen(ææ) - [PATCH] Add a new option "-fstack-protector-strong" (patch / doc inside) |publisher=Gcc.gnu.org |date=2012-06-14 |access-date=2014-04-27}}</ref> This flag protects more kinds of vulnerable functions than <kbd>-fstack-protector</kbd> does, but not every function, providing better performance than <kbd>-fstack-protector-all</kbd>. It is available in GCC since its version 4.9.<ref>{{cite web|last1=Edge|first1=Jake|title="Strong" stack protection for GCC|url=https://lwn.net/Articles/584225/|website=Linux Weekly News|access-date=28 November 2014|date=February 5, 2014|quote=It has made its way into GCC 4.9}}</ref> All [[Fedora (operating system)|Fedora]] packages are compiled with <kbd>-fstack-protector</kbd> since Fedora Core 5, and <kbd>-fstack-protector-strong</kbd> since Fedora 20.<ref>{{cite web|url=https://fedoraproject.org/wiki/Security_Features#Stack_Smash_Protection.2C_Buffer_Overflow_Detection.2C_and_Variable_Reordering |title=Security Features |publisher=FedoraProject |date=2013-12-11 |access-date=2014-04-27}}</ref><ref>{{cite web|url=https://fedorahosted.org/fesco/ticket/1128 |title=#1128 (switching from "-fstack-protector" to "-fstack-protector-strong" in Fedora 20) β FESCo |publisher=Fedorahosted.org |access-date=2014-04-27}}</ref> Most packages in [[Ubuntu]] are compiled with <kbd>-fstack-protector</kbd> since 6.10.<ref>{{cite web|url=https://wiki.ubuntu.com/Security/Features#stack-protector |title=Security/Features - Ubuntu Wiki |publisher=Wiki.ubuntu.com |access-date=2014-04-27}}</ref> Every [[Arch Linux]] package is compiled with <kbd>-fstack-protector</kbd> since 2011.<ref>{{cite web|url=https://bugs.archlinux.org/task/18864 |title=FS#18864 : Consider enabling GCC's stack-smashing protection (ProPolice, SSP) for all packages |publisher=Bugs.archlinux.org |access-date=2014-04-27}}</ref> All Arch Linux packages built since 4 May 2014 use <kbd>-fstack-protector-strong</kbd>.<ref>{{cite web |url=https://projects.archlinux.org/svntogit/packages.git/commit/trunk?h=packages/pacman&id=695ca25d4c24f3bd3b8c350d64f2697c733d5169 |archive-url=https://archive.today/20140718035407/https://projects.archlinux.org/svntogit/packages.git/commit/trunk?h=packages/pacman&id=695ca25d4c24f3bd3b8c350d64f2697c733d5169 |url-status=dead |archive-date=July 18, 2014 |title=svntogit/packages.git - Git clone of the 'packages' repository }}</ref> Stack protection is only used for some packages in [[Debian]],<ref>{{cite web |url=http://outflux.net/debian/hardening/ |title=Debian Security Hardening Statistics |publisher=Outflux.net |access-date=2014-04-27 |archive-date=2014-04-28 |archive-url=https://web.archive.org/web/20140428012424/http://outflux.net/debian/hardening/ |url-status=dead }}</ref> and only for the [[FreeBSD]] base system since 8.0.<ref>{{cite web|url=http://www.freebsd.org/releases/8.0R/relnotes.html |title=FreeBSD 8.0-RELEASE Release Notes |publisher=Freebsd.org |date=2013-11-13 |access-date=2014-04-27}}</ref> Stack protection is standard in certain operating systems, including [[OpenBSD]],<ref>{{cite web| url = https://man.openbsd.org/gcc-local.1| title = OpenBSD's gcc-local(1) manual page| quote = gcc comes with the ''ProPolice'' stack protection extension, which is enabled by default.}}</ref> [[Hardened Gentoo]]<ref>{{cite web|url=https://wiki.gentoo.org/wiki/Hardened/Toolchain#Default_addition_of_the_Stack_Smashing_Protector_.28SSP.29|title=Hardened/Toolchain - Gentoo Wiki|quote=The Gentoo hardened GCC switches on the stack protector by default unless explicitly requested not to.|date=2016-07-31}}</ref> and [[DragonFly BSD]].{{Citation needed|date=September 2013}} StackGuard and ProPolice cannot protect against overflows in automatically allocated structures that overflow into function pointers. ProPolice at least will rearrange the allocation order to get such structures allocated before function pointers. A separate mechanism for [[pointer protection]] was proposed in PointGuard<ref>{{cite web|url=http://www.usenix.org/events/sec03/tech/full_papers/cowan/cowan_html/index.html|title=12th USENIX Security Symposium β Technical Paper}}</ref> and is available on Microsoft Windows.<ref>{{cite web|url=http://blogs.msdn.com/michael_howard/archive/2006/08/16/702707.aspx|title=MSDN Blogs β Get the latest information, insights, announcements, and news from Microsoft experts and developers in the MSDN blogs.|date=6 August 2021 }}</ref>
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)