Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-hardened

From: kakou <kakou@×××××.org>
To: gentoo-hardened@l.g.o
Subject: Re: [gentoo-hardened] how to find out if something was compiled with -fstack-protector?
Date: Thu, 12 May 2005 09:24:59
Message-Id: 428320EF.107@kakou.org
In Reply to: Re: [gentoo-hardened] how to find out if something was compiled with -fstack-protector? by Chris Smart
1 -----BEGIN PGP SIGNED MESSAGE-----
2 Hash: SHA1
3
4 I have tested on my box
5
6 wakka ~ # nm /bin/kill |grep __guard
7 nm: /bin/kill: no symbols
8 wakka ~ # readelf -s /bin/kill | grep __guard
9 53: 00000000 4 OBJECT GLOBAL DEFAULT UND __guard@GLIBC_2.3.2 (5)
10
11 nm seems not work(or not with these options), try with readelf
12
13 Chris Smart wrote:
14
15 > thanks for this... my amd64 doesn't seem to have used -fstack-protector
16 >
17 > cephas ~ # nm /bin/kill |grep __stack_smash_handler
18 > nm: /bin/kill: no symbols
19 >
20 > cephas ~ # nm /bin/kill |grep __guard
21 > nm: /bin/kill: no symbols
22 >
23 > is it something that I have to specify in my CFLAGS?
24 >
25 > ie: CFLAGS="-O2 -march=opteron -pipe -fomit-frame-pointer
26 > -fstack-protector" ?
27 >
28 > I *though* it was already included in gcc 3.4 for opterons..
29 >
30 > ta
31 >
32 > Kevin F. Quinn wrote:
33 >
34 >> Mike Frysinger wrote:
35 >>
36 >>
37 >>> On Wednesday 11 May 2005 08:04 am, Rob Holland wrote:
38 >>>
39 >>>
40 >>>> On Wed, May 11, 2005 at 10:51:18AM +0100, Pedro Venda wrote:
41 >>>>
42 >>>>
43 >>>>> I'm left with a doubt: how to find out if some binary was
44 >>>>> compiled with -fstack-protector gcc option?
45 >>>>>
46 >>>>
47 >>>> I think: nm /bin/foo|grep guard
48 >>>> should tell you, if you see a guard symbol, it has ssp.
49 >>>>
50 >>>
51 >>> nm doesnt always worked (it'll fail on stripped binaries), but
52 >>> `readelf > -s foo | grep guard` should work fine
53 >>>
54 >>
55 >>
56 >> '__guard' would be better than 'guard', to avoid false positives.
57 >> Personally I use '__stack_smash_handler'
58 >>
59 >> Kev.
60 >>
61 >>
62 >>
63 >>
64 >>
65 >>
66
67 -----BEGIN PGP SIGNATURE-----
68 Version: GnuPG v1.4.1 (GNU/Linux)
69 Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
70
71 iD8DBQFCgyDr3RS+hG/PB/URAiXzAJsFhpCXH0kz+52usEO1dNAIy6K9fwCdEFTe
72 fQT/09zACkewaP2X1OtygJc=
73 =4vxV
74 -----END PGP SIGNATURE-----
75
76 --
77 gentoo-hardened@g.o mailing list

Replies

Subject Author
Re: [gentoo-hardened] how to find out if something was compiled with -fstack-protector? Mike Frysinger <vapier@g.o>
Report Message
Find on MARC Find on Google Groups