In the previous posts, "Stack Clash Mitigation in GCC — Background" and "Stack Clash mitigation in GCC: Why -fstack-check is not the answer", I hope I showed the basics of how stack clash attacks are structured and why GCC's existing -fstack-check mechanism is insufficient as a protection.
So, what should we do? Clearly we want something similar to -fstack-check, but without its fundamental problems. Enter a new option:
The key principles for code generation to prevent a stack clash attack are:
Continue reading “Stack clash mitigation in GCC, Part 3”