On a Linux, is there any way to tell if a binary file has been compiled with stack-smashing on/off from the command-line?
I am pretty sure that I have the protection on, but just for the sake of sanity, I'd like to write some tests for my binaries in case there ever comes a day when everything goes wrong and the protection is off... for some reason.
If your your executable file format is ELF, and it happens to have been compiled by GCC v4.3 or greater, which just happened to be passed the
-frecord-gcc-switches command-line switch, then you could do the following:
$ gcc -frecord-gcc-switches -fno-stack-protector test.c
$ readelf -p .GCC.command.line a.out
String dump of section '.GCC.command.line':
[ 0] -imultiarch x86_64-linux-gnu
[ 1d] test.c
[ 24] -mtune=generic
[ 33] -march=x86-64
[ 41] -frecord-gcc-switches
[ 57] -fno-stack-protector
When GCC is passed the
-frecord-gcc-switches switch, it will add the
.GCC.comment.line section -- containing the switches passed to GCC -- to the binary ELF file it creates.
You can then use
readelf to print out the relevant section from your binary ELF file and search for the existence of the
-fno-stack-protector switch to determine if the binary file has been compiled with stack-smashing on/off.
Unfortunately, this solution is limited to binary files compiled using the
-frecord-gcc-switches -- which effectively means it's useless for the majority of situations, though perhaps you may luck out in your particular case.
It's worth mentioning that the detection of buffer overflow vulnerabilities in binary files is an active area of research. For instance, here's a research paper detailing a simple detection module (see section 7.1).
Get the compiler options from a compiled executable?
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!Donate Us With