Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Finding out if a binary file has been compiled with stack smashing protection

On a Linux, is there any way to tell if a binary file has been compiled with stack-smashing on/off from the command-line?

I am pretty sure that I have the protection on, but just for the sake of sanity, I'd like to write some tests for my binaries in case there ever comes a day when everything goes wrong and the protection is off... for some reason.

like image 821
ldanielw1 Avatar asked Mar 24 '23 11:03

ldanielw1


1 Answers

If your your executable file format is ELF, and it happens to have been compiled by GCC v4.3 or greater, which just happened to be passed the -frecord-gcc-switches command-line switch, then you could do the following:

$ gcc -frecord-gcc-switches -fno-stack-protector test.c
$ readelf -p .GCC.command.line a.out

String dump of section '.GCC.command.line':
  [     0]  -imultiarch x86_64-linux-gnu
  [    1d]  test.c
  [    24]  -mtune=generic
  [    33]  -march=x86-64
  [    41]  -frecord-gcc-switches
  [    57]  -fno-stack-protector

When GCC is passed the -frecord-gcc-switches switch, it will add the .GCC.comment.line section -- containing the switches passed to GCC -- to the binary ELF file it creates.

You can then use readelf to print out the relevant section from your binary ELF file and search for the existence of the -fno-stack-protector switch to determine if the binary file has been compiled with stack-smashing on/off.

Unfortunately, this solution is limited to binary files compiled using the -frecord-gcc-switches -- which effectively means it's useless for the majority of situations, though perhaps you may luck out in your particular case.


It's worth mentioning that the detection of buffer overflow vulnerabilities in binary files is an active area of research. For instance, here's a research paper detailing a simple detection module (see section 7.1).

See also

Get the compiler options from a compiled executable?

like image 89
Vilhelm Gray Avatar answered Apr 05 '23 23:04

Vilhelm Gray