1 |
> Javier: good point, I haven't really considered the differences between the |
2 |
> use of fstack-protector and fstack-protector-all - maybe something to do in |
3 |
> the future. Would there be a way to find out which option was used on a given |
4 |
> binary 'post mortem'? (read: after compilation? ;)) |
5 |
|
6 |
While it doesn't differentiate between fstack-protector and |
7 |
fstack-protector-all this script [1] can detect RELRO, canary, NX/PAX |
8 |
& PIE: |
9 |
|
10 |
[509] kyle@blah:~/security-bin$ ./checksec-new.sh --file buggy |
11 |
RELRO STACK CANARY NX/PaX PIE FILE |
12 |
No RELRO Canary found NX enabled No PIE buggy |
13 |
|
14 |
[1] http://tk-blog.blogspot.com/2009/02/checksec.html |
15 |
-- |
16 |
|
17 |
Kyle |