searchusermenu
  • 发布文章
  • 消息中心
点赞
收藏
评论
分享
原创

Gcc flag fstack-protector

2023-06-02 02:23:42
4
0
-fstack-protector
           Emit extra code to check for buffer overflows, such as stack smashing attacks.  This is done by adding a guard variable to functions with vulnerable objects.  This includes functions that call "alloca", and functions with buffers larger than 8 bytes. The guards are initialized when a function is entered and then checked when the function exits.  If a guard check fails, an error message is printed and the program exits.
 
fstack-protector-all
           Like -fstack-protector except that all functions are protected.
 
-fstack-protector-strong
           Like -fstack-protector but includes additional functions to be protected --- those that have local array definitions, or have references to local frame addresses.
 
# cat  fstack_protectot.c
int main(int argc, char * argv[])
{
    //more than 8
    char array[8];
 
    if (argc < 2) {
        fprintf(stderr, "Usage: %s DATA...\n", argv[0]);
        return 1;
    }
 
    printf("strlen %ld\n", strlen(argv[1]));
 
    memcpy(array, argv[1], strlen(argv[1]));
 
    return 0;
}
 
 [root@~]# gcc -Wall -O2  -fstack-protector fstack_protectot.c -o boom
 [root@~]# gcc -Wall -O2  -fstack-protector-all fstack_protectot.c -o boom
 [root@~]# gcc -Wall -O2  -fstack-protector-strong fstack_protectot.c -o boom
[root@~]# ./boom AAAAAAAAA
strlen 9
*** stack smashing detected ***: ./boom terminated
======= Backtrace: =========
/lib64/libc.so.6(__fortify_fail+0x37)[0x7f2bb592e597]
/lib64/libc.so.6(__fortify_fail+0x0)[0x7f2bb592e560]
./boom[0x400667]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x7f2bb5841b15]
./boom[0x400691]
======= Memory map: ========
00400000-00401000 r-xp 00000000 fd:01 34546363                           /root/boom
00600000-00601000 r--p 00000000 fd:01 34546363                           /root/boom
00601000-00602000 rw-p 00001000 fd:01 34546363                           /root/boom
00d9f000-00dc0000 rw-p 00000000 00:00 0                                  [heap]
7f2bb560a000-7f2bb561f000 r-xp 00000000 fd:01 33554569                   /usr/lib64/libgcc_s-4.8.5-20150702.so.1
7f2bb561f000-7f2bb581e000 ---p 00015000 fd:01 33554569                   /usr/lib64/libgcc_s-4.8.5-20150702.so.1
7f2bb581e000-7f2bb581f000 r--p 00014000 fd:01 33554569                   /usr/lib64/libgcc_s-4.8.5-20150702.so.1
7f2bb581f000-7f2bb5820000 rw-p 00015000 fd:01 33554569                   /usr/lib64/libgcc_s-4.8.5-20150702.so.1
7f2bb5820000-7f2bb59d7000 r-xp 00000000 fd:01 33607143                   /usr/lib64/libc-2.17.so
7f2bb59d7000-7f2bb5bd7000 ---p 001b7000 fd:01 33607143                   /usr/lib64/libc-2.17.so
7f2bb5bd7000-7f2bb5bdb000 r--p 001b7000 fd:01 33607143                   /usr/lib64/libc-2.17.so
7f2bb5bdb000-7f2bb5bdd000 rw-p 001bb000 fd:01 33607143                   /usr/lib64/libc-2.17.so
7f2bb5bdd000-7f2bb5be2000 rw-p 00000000 00:00 0 
7f2bb5be2000-7f2bb5c03000 r-xp 00000000 fd:01 34546357                   /usr/lib64/ld-2.17.so
7f2bb5dfa000-7f2bb5dfd000 rw-p 00000000 00:00 0 
7f2bb5e00000-7f2bb5e03000 rw-p 00000000 00:00 0 
7f2bb5e03000-7f2bb5e04000 r--p 00021000 fd:01 34546357                   /usr/lib64/ld-2.17.so
7f2bb5e04000-7f2bb5e05000 rw-p 00022000 fd:01 34546357                   /usr/lib64/ld-2.17.so
7f2bb5e05000-7f2bb5e06000 rw-p 00000000 00:00 0 
7ffc5edd0000-7ffc5edf1000 rw-p 00000000 00:00 0                          [stack]
7ffc5edfa000-7ffc5edfc000 r--p 00000000 00:00 0                          [vvar]
7ffc5edfc000-7ffc5edfe000 r-xp 00000000 00:00 0                          [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]
Aborted (core dumped)
 
[root@ ~]# gcc -Wall -O2  -fno-stack-protector fstack_protectot.c -o boom
[root@ ~]# ./boom AAAAAAAAA
strlen 9
 
--------------------------------------------------------------------------------------------------------------------------------------
# cat  fstack_protectot_strong.c
struct no_chars {
    unsigned int len;
    unsigned int data;
};
 
int main(int argc, char * argv[])
{
    struct no_chars info = { };
 
    if (argc < 3) {
        fprintf(stderr, "Usage: %s LENGTH DATA...\n", argv[0]);
        return 1;
    }
 
    info.len = atoi(argv[1]);
    memcpy(&info.data, argv[2], info.len);
 
    return 0;
}
 
[root@ ~]# gcc -Wall -O2  -fstack-protector-strong fstack_protectot_strong.c -o boom
[root@ ~]# gcc -Wall -O2  -fstack-protector-all fstack_protectot_strong.c -o boom
[root@~]# ./boom 5 AAAAA
*** stack smashing detected ***: ./boom terminated
======= Backtrace: =========
/lib64/libc.so.6(__fortify_fail+0x37)[0x7f655afd9597]
/lib64/libc.so.6(__fortify_fail+0x0)[0x7f655afd9560]
./boom[0x40061d]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x7f655aeecb15]
./boom[0x400649]
======= Memory map: ========
00400000-00401000 r-xp 00000000 fd:01 36647130                           /root/boom
00600000-00601000 r--p 00000000 fd:01 36647130                           /root/boom
00601000-00602000 rw-p 00001000 fd:01 36647130                           /root/boom
01e33000-01e54000 rw-p 00000000 00:00 0                                  [heap]
7f655acb5000-7f655acca000 r-xp 00000000 fd:01 33554569                   /usr/lib64/libgcc_s-4.8.5-20150702.so.1
7f655acca000-7f655aec9000 ---p 00015000 fd:01 33554569                   /usr/lib64/libgcc_s-4.8.5-20150702.so.1
7f655aec9000-7f655aeca000 r--p 00014000 fd:01 33554569                   /usr/lib64/libgcc_s-4.8.5-20150702.so.1
7f655aeca000-7f655aecb000 rw-p 00015000 fd:01 33554569                   /usr/lib64/libgcc_s-4.8.5-20150702.so.1
7f655aecb000-7f655b082000 r-xp 00000000 fd:01 33607143                   /usr/lib64/libc-2.17.so
7f655b082000-7f655b282000 ---p 001b7000 fd:01 33607143                   /usr/lib64/libc-2.17.so
7f655b282000-7f655b286000 r--p 001b7000 fd:01 33607143                   /usr/lib64/libc-2.17.so
7f655b286000-7f655b288000 rw-p 001bb000 fd:01 33607143                   /usr/lib64/libc-2.17.so
7f655b288000-7f655b28d000 rw-p 00000000 00:00 0 
7f655b28d000-7f655b2ae000 r-xp 00000000 fd:01 34546357                   /usr/lib64/ld-2.17.so
7f655b4a5000-7f655b4a8000 rw-p 00000000 00:00 0 
7f655b4ac000-7f655b4ae000 rw-p 00000000 00:00 0 
7f655b4ae000-7f655b4af000 r--p 00021000 fd:01 34546357                   /usr/lib64/ld-2.17.so
7f655b4af000-7f655b4b0000 rw-p 00022000 fd:01 34546357                   /usr/lib64/ld-2.17.so
7f655b4b0000-7f655b4b1000 rw-p 00000000 00:00 0 
7ffd354bb000-7ffd354dc000 rw-p 00000000 00:00 0                          [stack]
7ffd355f6000-7ffd355f8000 r--p 00000000 00:00 0                          [vvar]
7ffd355f8000-7ffd355fa000 r-xp 00000000 00:00 0                          [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]
Aborted (core dumped)
 
[root@ ~]# gcc -Wall -O2  -fno-stack-protector fstack_protectot_strong.c -o boom
[root@ ~]# gcc -Wall -O2  -fstack-protector fstack_protectot_strong.c -o boom
[root@ ~]# ./boom 5 AAAAA
0条评论
作者已关闭评论
w****n
15文章数
0粉丝数
w****n
15 文章 | 0 粉丝
w****n
15文章数
0粉丝数
w****n
15 文章 | 0 粉丝
原创

Gcc flag fstack-protector

2023-06-02 02:23:42
4
0
-fstack-protector
           Emit extra code to check for buffer overflows, such as stack smashing attacks.  This is done by adding a guard variable to functions with vulnerable objects.  This includes functions that call "alloca", and functions with buffers larger than 8 bytes. The guards are initialized when a function is entered and then checked when the function exits.  If a guard check fails, an error message is printed and the program exits.
 
fstack-protector-all
           Like -fstack-protector except that all functions are protected.
 
-fstack-protector-strong
           Like -fstack-protector but includes additional functions to be protected --- those that have local array definitions, or have references to local frame addresses.
 
# cat  fstack_protectot.c
int main(int argc, char * argv[])
{
    //more than 8
    char array[8];
 
    if (argc < 2) {
        fprintf(stderr, "Usage: %s DATA...\n", argv[0]);
        return 1;
    }
 
    printf("strlen %ld\n", strlen(argv[1]));
 
    memcpy(array, argv[1], strlen(argv[1]));
 
    return 0;
}
 
 [root@~]# gcc -Wall -O2  -fstack-protector fstack_protectot.c -o boom
 [root@~]# gcc -Wall -O2  -fstack-protector-all fstack_protectot.c -o boom
 [root@~]# gcc -Wall -O2  -fstack-protector-strong fstack_protectot.c -o boom
[root@~]# ./boom AAAAAAAAA
strlen 9
*** stack smashing detected ***: ./boom terminated
======= Backtrace: =========
/lib64/libc.so.6(__fortify_fail+0x37)[0x7f2bb592e597]
/lib64/libc.so.6(__fortify_fail+0x0)[0x7f2bb592e560]
./boom[0x400667]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x7f2bb5841b15]
./boom[0x400691]
======= Memory map: ========
00400000-00401000 r-xp 00000000 fd:01 34546363                           /root/boom
00600000-00601000 r--p 00000000 fd:01 34546363                           /root/boom
00601000-00602000 rw-p 00001000 fd:01 34546363                           /root/boom
00d9f000-00dc0000 rw-p 00000000 00:00 0                                  [heap]
7f2bb560a000-7f2bb561f000 r-xp 00000000 fd:01 33554569                   /usr/lib64/libgcc_s-4.8.5-20150702.so.1
7f2bb561f000-7f2bb581e000 ---p 00015000 fd:01 33554569                   /usr/lib64/libgcc_s-4.8.5-20150702.so.1
7f2bb581e000-7f2bb581f000 r--p 00014000 fd:01 33554569                   /usr/lib64/libgcc_s-4.8.5-20150702.so.1
7f2bb581f000-7f2bb5820000 rw-p 00015000 fd:01 33554569                   /usr/lib64/libgcc_s-4.8.5-20150702.so.1
7f2bb5820000-7f2bb59d7000 r-xp 00000000 fd:01 33607143                   /usr/lib64/libc-2.17.so
7f2bb59d7000-7f2bb5bd7000 ---p 001b7000 fd:01 33607143                   /usr/lib64/libc-2.17.so
7f2bb5bd7000-7f2bb5bdb000 r--p 001b7000 fd:01 33607143                   /usr/lib64/libc-2.17.so
7f2bb5bdb000-7f2bb5bdd000 rw-p 001bb000 fd:01 33607143                   /usr/lib64/libc-2.17.so
7f2bb5bdd000-7f2bb5be2000 rw-p 00000000 00:00 0 
7f2bb5be2000-7f2bb5c03000 r-xp 00000000 fd:01 34546357                   /usr/lib64/ld-2.17.so
7f2bb5dfa000-7f2bb5dfd000 rw-p 00000000 00:00 0 
7f2bb5e00000-7f2bb5e03000 rw-p 00000000 00:00 0 
7f2bb5e03000-7f2bb5e04000 r--p 00021000 fd:01 34546357                   /usr/lib64/ld-2.17.so
7f2bb5e04000-7f2bb5e05000 rw-p 00022000 fd:01 34546357                   /usr/lib64/ld-2.17.so
7f2bb5e05000-7f2bb5e06000 rw-p 00000000 00:00 0 
7ffc5edd0000-7ffc5edf1000 rw-p 00000000 00:00 0                          [stack]
7ffc5edfa000-7ffc5edfc000 r--p 00000000 00:00 0                          [vvar]
7ffc5edfc000-7ffc5edfe000 r-xp 00000000 00:00 0                          [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]
Aborted (core dumped)
 
[root@ ~]# gcc -Wall -O2  -fno-stack-protector fstack_protectot.c -o boom
[root@ ~]# ./boom AAAAAAAAA
strlen 9
 
--------------------------------------------------------------------------------------------------------------------------------------
# cat  fstack_protectot_strong.c
struct no_chars {
    unsigned int len;
    unsigned int data;
};
 
int main(int argc, char * argv[])
{
    struct no_chars info = { };
 
    if (argc < 3) {
        fprintf(stderr, "Usage: %s LENGTH DATA...\n", argv[0]);
        return 1;
    }
 
    info.len = atoi(argv[1]);
    memcpy(&info.data, argv[2], info.len);
 
    return 0;
}
 
[root@ ~]# gcc -Wall -O2  -fstack-protector-strong fstack_protectot_strong.c -o boom
[root@ ~]# gcc -Wall -O2  -fstack-protector-all fstack_protectot_strong.c -o boom
[root@~]# ./boom 5 AAAAA
*** stack smashing detected ***: ./boom terminated
======= Backtrace: =========
/lib64/libc.so.6(__fortify_fail+0x37)[0x7f655afd9597]
/lib64/libc.so.6(__fortify_fail+0x0)[0x7f655afd9560]
./boom[0x40061d]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x7f655aeecb15]
./boom[0x400649]
======= Memory map: ========
00400000-00401000 r-xp 00000000 fd:01 36647130                           /root/boom
00600000-00601000 r--p 00000000 fd:01 36647130                           /root/boom
00601000-00602000 rw-p 00001000 fd:01 36647130                           /root/boom
01e33000-01e54000 rw-p 00000000 00:00 0                                  [heap]
7f655acb5000-7f655acca000 r-xp 00000000 fd:01 33554569                   /usr/lib64/libgcc_s-4.8.5-20150702.so.1
7f655acca000-7f655aec9000 ---p 00015000 fd:01 33554569                   /usr/lib64/libgcc_s-4.8.5-20150702.so.1
7f655aec9000-7f655aeca000 r--p 00014000 fd:01 33554569                   /usr/lib64/libgcc_s-4.8.5-20150702.so.1
7f655aeca000-7f655aecb000 rw-p 00015000 fd:01 33554569                   /usr/lib64/libgcc_s-4.8.5-20150702.so.1
7f655aecb000-7f655b082000 r-xp 00000000 fd:01 33607143                   /usr/lib64/libc-2.17.so
7f655b082000-7f655b282000 ---p 001b7000 fd:01 33607143                   /usr/lib64/libc-2.17.so
7f655b282000-7f655b286000 r--p 001b7000 fd:01 33607143                   /usr/lib64/libc-2.17.so
7f655b286000-7f655b288000 rw-p 001bb000 fd:01 33607143                   /usr/lib64/libc-2.17.so
7f655b288000-7f655b28d000 rw-p 00000000 00:00 0 
7f655b28d000-7f655b2ae000 r-xp 00000000 fd:01 34546357                   /usr/lib64/ld-2.17.so
7f655b4a5000-7f655b4a8000 rw-p 00000000 00:00 0 
7f655b4ac000-7f655b4ae000 rw-p 00000000 00:00 0 
7f655b4ae000-7f655b4af000 r--p 00021000 fd:01 34546357                   /usr/lib64/ld-2.17.so
7f655b4af000-7f655b4b0000 rw-p 00022000 fd:01 34546357                   /usr/lib64/ld-2.17.so
7f655b4b0000-7f655b4b1000 rw-p 00000000 00:00 0 
7ffd354bb000-7ffd354dc000 rw-p 00000000 00:00 0                          [stack]
7ffd355f6000-7ffd355f8000 r--p 00000000 00:00 0                          [vvar]
7ffd355f8000-7ffd355fa000 r-xp 00000000 00:00 0                          [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]
Aborted (core dumped)
 
[root@ ~]# gcc -Wall -O2  -fno-stack-protector fstack_protectot_strong.c -o boom
[root@ ~]# gcc -Wall -O2  -fstack-protector fstack_protectot_strong.c -o boom
[root@ ~]# ./boom 5 AAAAA
文章来自个人专栏
完成任务
15 文章 | 1 订阅
0条评论
作者已关闭评论
作者已关闭评论
0
0