Skip to content

README.md

Latest commit

 

History

History
61 lines (39 loc) · 1.2 KB

README.md

File metadata and controls

61 lines (39 loc) · 1.2 KB

TraditionalMitigation

List all the traditional mitigations in compilers(GCC, Clang, etc.) to defend memory corruption

User space

  • Stack Protector

    • -fstack-protector, -fstack-protector-all, -fstack-protector-strong

  • Heap protection

    • enable by default

  • Double free checking

    • enable by default

  • Libc pointer encryption

    • enable by default

  • FORTIFY_SOURCE

    • -D_FORTIFY_SOURCE=2­-O2

  • Format String Protection

    • -Wformat ­-Wformat-security

  • PIC/PIE

    • -fPIC, -fPIE -pie

  • RELRO

    • -Wl,-z,relro,-z,now

  • Stack clash protection

    • -fstack-clash-protection

Kernel space

  • Stack Protector

    • implemented in Linux Kernel

  • Slab/Slub/Slob Protection

    • implemented in Linux kernel

  • FORTIFY_SOURCE

    • implemented in Linux Kernel

  • NX

    • implemented in Linux Kernel

  • SMAP/SMEP

    • implemented in Linux kernel

  • ASLR(Address Space Layout Randomization)

    • implemented in Linux Kernel

  • KASLR(Kernel Address Space Layout Randomization)

    • implemented in Linux Kernel

References

[1] Secure Programming with GCC and GLibc