Finding out if a binary file has been compiled with stack smashing protection

Question

On a Linux, is there any way to tell if a binary file has been compiled with stack-smashing on/off from the command-line?

I am pretty sure that I have the protection on, but just for the sake of sanity, I'd like to write some tests for my binaries in case there ever comes a day when everything goes wrong and the protection is off... for some reason.

Answer 1

If your your executable file format is ELF, and it happens to have been compiled by GCC v4.3 or greater, which just happened to be passed the -frecord-gcc-switches command-line switch, then you could do the following:

$ gcc -frecord-gcc-switches -fno-stack-protector test.c
$ readelf -p .GCC.command.line a.out

String dump of section '.GCC.command.line':
  [     0]  -imultiarch x86_64-linux-gnu
  [    1d]  test.c
  [    24]  -mtune=generic
  [    33]  -march=x86-64
  [    41]  -frecord-gcc-switches
  [    57]  -fno-stack-protector

When GCC is passed the -frecord-gcc-switches switch, it will add the .GCC.comment.line section -- containing the switches passed to GCC -- to the binary ELF file it creates.

You can then use readelf to print out the relevant section from your binary ELF file and search for the existence of the -fno-stack-protector switch to determine if the binary file has been compiled with stack-smashing on/off.

Unfortunately, this solution is limited to binary files compiled using the -frecord-gcc-switches -- which effectively means it's useless for the majority of situations, though perhaps you may luck out in your particular case.

---

It's worth mentioning that the detection of buffer overflow vulnerabilities in binary files is an active area of research. For instance, here's a research paper detailing a simple detection module (see section 7.1).

See also

Get the compiler options from a compiled executable?