TraditionalMitigation icon indicating copy to clipboard operation
TraditionalMitigation copied to clipboard

Published 20 hours ago verified publisher icon hardenedlinux

Metadata

Traditional Mitigation in GCC to defend Memory Corruption Vulnerability

TraditionalMitigation

List all the traditional mitigations in compilers(GCC, Clang, etc.) to defend memory corruption

User space

  • Stack Protector

    • -fstack-protector, -fstack-protector-all, -fstack-protector-strong

  • Heap protection

    • enable by default

  • Double free checking

    • enable by default

  • Libc pointer encryption

    • enable by default

  • FORTIFY_SOURCE

    • -D_FORTIFY_SOURCE=2­-O2

  • Format String Protection

    • -Wformat ­-Wformat-security

  • PIC/PIE

    • -fPIC, -fPIE -pie

  • RELRO

    • -Wl,-z,relro,-z,now

  • Stack clash protection

    • -fstack-clash-protection

Kernel space

  • Stack Protector

    • implemented in Linux Kernel

  • Slab/Slub/Slob Protection

    • implemented in Linux kernel

  • FORTIFY_SOURCE

    • implemented in Linux Kernel

  • NX

    • implemented in Linux Kernel

  • SMAP/SMEP

    • implemented in Linux kernel

  • ASLR(Address Space Layout Randomization)

    • implemented in Linux Kernel

  • KASLR(Kernel Address Space Layout Randomization)

    • implemented in Linux Kernel

References

[1] Secure Programming with GCC and GLibc

Metadata

19
Stars
7
Forks
Watchers

Owner

verified publisher icon hardenedlinux

Metadata

Traditional Mitigation in GCC to defend Memory Corruption Vulnerability

Back