
Stack clash mitigation in GCC, Part 3
In previous posts, Stack Clash Mitigation in GCC — Background and Stack Clash mitigation in GCC: Why -fstack-check is not the answer, I hopefully showed the basics of how stack clash attacks are structured and why GCC’s existing -fstack-check mechanism is insufficient for protection.
So, what should we do? Clearly we want something similar to -fstack-check, but without the fundamental problems. Enter a new option: -fstack-clash-protection.
The key principles for code generation to prevent a stack clash attack are: