In our previous article about Stack Clash, we covered the basics of the Stack Clash vulnerability. To summarize, an attacker first uses various means to bring the heap and stack close together. A large stack allocation is then used to “jump the stack guard.” Subsequent stores into the stack may modify objects in the heap or vice versa. This, in turn, can be used by attackers to gain control over applications.
GCC has a command-line option, -fstack-check, which looked promising for mitigating Stack Clash attacks. This article will cover how -fstack-check works and why it is insufficient for mitigating Stack Clash attacks.
Continue reading “Stack Clash mitigation in GCC: Why -fstack-check is not the answer”
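The mechanism summarized above, as an added example that is not code from the article: the program models the stack guard page with a PROT_NONE page in the middle of an mmap'd region and shows that a frame larger than the guard that is touched only at its far end never faults (the "jump"), while touching every page on the way down always hits the guard. The region size (8 pages) and guard position are assumptions of this demo.

```c
/* Added example, not code from the article. Models the kernel's stack guard
 * page with mmap/mprotect: a large frame touched only at its far end skips the
 * guard, while per-page probing (what a stack-clash-aware prologue emits)
 * cannot. PAGES and GUARD are constructed values for the demo. */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#define PAGES 8            /* region size in pages (assumption) */
#define GUARD (PAGES / 2)  /* index of the PROT_NONE guard page (assumption) */

static sigjmp_buf fault_env;
static volatile sig_atomic_t fault_seen;

static void on_segv(int sig) { (void)sig; fault_seen = 1; siglongjmp(fault_env, 1); }

/* A frame bigger than the guard, written only at its end: the guard is skipped. */
static void store_far_end(volatile char *base, size_t page) {
    base[page * (PAGES - 1)] = 1;
}

/* Touch each page in turn, as a probing prologue would: the guard is hit. */
static void probe_every_page(volatile char *base, size_t page) {
    for (size_t i = 0; i < PAGES; i++) base[page * i] = 1;
}

/* Run one access pattern over a region with a guard page in the middle.
 * Returns 1 if the guard was hit (SIGSEGV caught), 0 if it was skipped,
 * -1 if the region could not be set up. */
static int run_pattern(void (*pattern)(volatile char *, size_t)) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    char *base = mmap(NULL, page * PAGES, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED) return -1;
    if (mprotect(base + page * GUARD, page, PROT_NONE) != 0) { munmap(base, page * PAGES); return -1; }
    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_segv;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);
    fault_seen = 0;
    if (sigsetjmp(fault_env, 1) == 0) pattern(base, page);  /* returns here via siglongjmp on fault */
    sigaction(SIGSEGV, &old, NULL);
    munmap(base, page * PAGES);
    return fault_seen;
}

int far_store_hits_guard(void)  { return run_pattern(store_far_end); }    /* 0: guard jumped */
int page_probe_hits_guard(void) { return run_pattern(probe_every_page); } /* 1: guard caught it */
```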