user15502206

How to enable/disable canary?

How to turn off gcc compiler optimization to enable buffer overflow

I see that a command like gcc vuln.c -o vuln_disable_canary -fno-stack-protector is said to disable canary.

I tried the following example, the vanilla gcc command generates a file without canary.

Does anybody know how to disable/enable canary?

$ cat helloworld.c
#include <stdio.h>
int main() {
    puts("Hello World!");
}
$ gcc helloworld.c
$ gcc helloworld.c -o no_canary.out -fno-stack-protector
$ rabin2 -I a.out | grep canary
canary   false
$ rabin2 -I no_canary.out | grep canary
canary   false

BTW, what does the name canary mean?

Upvotes: 1

Views: 5949

Answers (2)

Stacy Dudovitz

Reputation: 1041

"BTW, what does the name canary mean?"

Think back to the days of coal mining, when buildup of dangerous gases like carbon monoxide could take the lives of coal miners silently, without warning. In order to detect the presence of dangerous gases, a live canary would be brought down into the mine with the miners.

The thinking goes, if a canary, which possesses tiny lungs, asphyxiates on the poison gas, then conditions are dangerous, and it's time to exit post haste. The dead canary warning provides time for the miners, who possess larger lungs and lung capacity, to quickly exit before they succumb to the gas.

So how does that relate to present day OS protection? Let's talk about Stack Canaries... when the stack of a function call is trashed by, say, a wild pointer, which in turn clobbers the return address, the application's behavior is undefined. At best, it freezes - silent death, not unlike carbon monoxide poisoning. At worst, well... you get the idea.

A Stack Canary is nothing more than a token or a series of tokens added to binaries during compilation to protect critical stack values. Before the fateful 'ret' instruction, a bit of extra code checks if the token(s) have been trashed, and if so can safely abort program execution.

Upvotes: 0

Nate Eldredge

Reputation: 58518

So, apparently it's disabled by default on your platform; this behavior is configurable when gcc is built from source, and this is what your OS or packager chose to do. Use -fstack-protector to enable it (if your platform supports it at all).

For more about how gcc's stack canary system works, see Stack smashing detected.

In ordinary English, a canary is a type of bird that was used to detect toxic gases in mines. The birds were more sensitive to these gases than humans are, and so if the bird died, this could alert the miners to the danger while they still had time to evacuate. The analogy is that the value on the stack is like a canary: if it "dies" (is overwritten) then the program can "evacuate" (abort) before an exploit can occur.

Upvotes: 4
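To see when gcc actually emits a canary, here is an added shell script (not code from the question or either answer) that compiles two constructed test programs under different protector flags and looks for the same evidence rabin2 -I uses, a reference to `__stack_chk_fail`. It also shows the caveat that plain -fstack-protector guards only functions that hold a sufficiently large char array, so a hello world with no local buffer reports canary false under that flag and needs -fstack-protector-all to get one; the file names, the `has_canary` and `build_check` helpers and the sample sources are all constructed for this example.

```shell
#!/bin/sh
# Added example, not code from the question or the answers. Builds two constructed
# programs under different gcc flags and reports whether a canary check was emitted,
# using the same evidence rabin2 -I uses: a reference to __stack_chk_fail.
set -u
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed input 1: the asker's hello world, with no local array at all.
cat > "$WORK/hello.c" <<'EOF'
#include <stdio.h>
int main(void) { puts("Hello World!"); return 0; }
EOF

# Constructed input 2: a function with a 64-byte char array, which plain
# -fstack-protector guards (gcc's default threshold is an 8-byte char array).
cat > "$WORK/buf.c" <<'EOF'
#include <stdio.h>
void greet(const char *name) {
    char buf[64];
    snprintf(buf, sizeof buf, "Hello, %s!", name);   /* bounded: no overflow here */
    puts(buf);
}
int main(int argc, char **argv) { greet(argc > 1 ? argv[1] : "World"); return 0; }
EOF

# has_canary BINARY: succeeds if the binary references __stack_chk_fail, the
# function gcc's epilogue check calls when the guard value has been clobbered.
has_canary() {
    nm "$1" 2>/dev/null | grep -q '__stack_chk_fail'
}

# build_check SOURCE FLAG: compile at -O0 with one protector flag, print a
# rabin2-style verdict; returns 0 (canary true), 1 (canary false), 2 (build failed).
build_check() {
    src=$1; flag=$2; out="$WORK/$(basename "$src" .c)_${flag#-}"
    gcc -O0 "$flag" -o "$out" "$src" || return 2
    if has_canary "$out"; then echo "$(basename "$src") $flag: canary true";  return 0; fi
    echo "$(basename "$src") $flag: canary false"; return 1
}

if command -v gcc >/dev/null 2>&1 && command -v nm >/dev/null 2>&1; then
    build_check "$WORK/hello.c" -fno-stack-protector   # canary false
    build_check "$WORK/hello.c" -fstack-protector      # canary false: nothing in main to guard
    build_check "$WORK/hello.c" -fstack-protector-all  # canary true: every function guarded
    build_check "$WORK/buf.c"   -fstack-protector      # canary true: 64-byte array qualifies
fi
```

Run it on a Linux box with gcc and binutils installed; the third and fourth verdicts are the ones to compare with the question's output.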
