| 1 |
> Javier: good point, I haven't really considered the differences between the |
| 2 |
> use of fstack-protector and fstack-protector-all - maybe something to do in |
| 3 |
> the future. Would there be a way to find out which option was used on a given |
| 4 |
> binary 'post mortem'? (read: after compilation? ;)) |
| 5 |
|
| 6 |
While it doesn't differentiate between fstack-protector and |
| 7 |
fstack-protector-all this script [1] can detect RELRO, canary, NX/PAX |
| 8 |
& PIE: |
| 9 |
|
| 10 |
[509] kyle@blah:~/security-bin$ ./checksec-new.sh --file buggy |
| 11 |
RELRO STACK CANARY NX/PaX PIE FILE |
| 12 |
No RELRO Canary found NX enabled No PIE buggy |
| 13 |
|
| 14 |
[1] http://tk-blog.blogspot.com/2009/02/checksec.html |
| 15 |
-- |
| 16 |
|
| 17 |
Kyle |
Archives