Wed, 14 Feb 2007

GNU gcc Stack Protection.

Wow, this is new. Version 4.1 of the GNU gcc compiler shipped with Ubuntu Feisty includes stack smashing protection by default!

Consider the following code containing an overflow of a stack-based buffer:

    #include <stdio.h>

    static void
    kill_my_stack (void)
    {
        char buffer [10] ;
        int k ;

        /* Deliberate overflow: writes 20 bytes into a 10 byte buffer. */
        for (k = 0 ; k < 20 ; k++)
            buffer [k] = 'a' + k ;
    } /* kill_my_stack */

    int
    main (void)
    {
        kill_my_stack () ;
        return 0 ;
    } /* main */

Compiling this with the default gcc compiler in Feisty produces an executable which, when run, gives the following error:

    *** stack smashing detected ***: /home/erikd/stack-protect-demo terminated

Obviously, for an error as simple as this, even basic static analysis should find it, but we know that the vast majority of people don't use static analysis. In fact, many don't even compile with a sensible set of compiler flags turned on. Well now, those people are protected from themselves.
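The check the compiler inserts can be modelled in plain C. This is an added example, not code from the original post: it replays the loop above inside a byte array standing in for the stack frame, so the overwrite is well defined and the result can be inspected. The frame layout (padding between buffer and guard), the guard value and the name `run_with_guard` are assumptions made for the illustration, not gcc's actual layout.

```c
#include <stdio.h>
#include <string.h>

/* Assumed frame model: 10 byte buffer, alignment padding, then an 8 byte
   guard sitting just below where the saved return address would be. */
enum { BUF_OFF = 0, BUF_LEN = 10, GUARD_OFF = 16, GUARD_LEN = 8, FRAME_LEN = 24 } ;

/* Constructed guard value; the real one is chosen at program start. */
static const unsigned char guard_ref [GUARD_LEN] =
    { 0x00, 0x5a, 0xc3, 0x91, 0x7e, 0x2d, 0xb8, 0x44 } ;

/* Runs the post's loop for `count` bytes inside the modelled frame.
   Returns 1 if the epilogue check would abort the program, 0 if the
   function would return normally, -1 if count does not fit the model. */
static int
run_with_guard (int count)
{
    unsigned char frame [FRAME_LEN] ;
    int k ;

    if (count < 0 || count > FRAME_LEN)
        return -1 ;

    memset (frame, 0, sizeof frame) ;

    /* Prologue: place a copy of the guard above the local buffer. */
    memcpy (frame + GUARD_OFF, guard_ref, GUARD_LEN) ;

    /* Function body: the same write loop, with no bounds check on BUF_LEN. */
    for (k = 0 ; k < count ; k++)
        frame [BUF_OFF + k] = (unsigned char) ('a' + k) ;

    /* Epilogue: compare the copy against the reference before returning. */
    return memcmp (frame + GUARD_OFF, guard_ref, GUARD_LEN) != 0 ;
} /* run_with_guard */

int
main (void)
{
    static const int counts [] = { 10, 12, 20 } ;
    size_t i ;

    for (i = 0 ; i < sizeof counts / sizeof counts [0] ; i++)
        printf ("%2d bytes written: %s\n", counts [i],
                run_with_guard (counts [i]) ? "guard changed, abort" : "guard intact") ;
    return 0 ;
} /* main */
```

In this model the 12 byte write overruns the buffer but stops in the padding, so the guard is intact and nothing is reported; the check only fires once a write reaches the guard itself.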

Posted at: 19:13 | Category: CodeHacking