Navigation: Linux Kernel Driver DataBase - web LKDDB: Main index - S index

CONFIG_STACKPROTECTOR: Stack Protector buffer overflow detection

General informations

The Linux kernel configuration item CONFIG_STACKPROTECTOR:

Help text

This option turns on the "stack-protector" GCC feature. This feature puts, at the beginning of functions, a canary value on the stack just before the return address, and validates the value just before actually returning. Stack based buffer overflows (that need to overwrite this return address) now also overwrite the canary, which gets detected and the attack is then neutralized via a kernel panic.

Functions will have the stack-protector canary logic added if they have an 8-byte or larger character array on the stack.

This feature requires gcc version 4.2 or above, or a distribution gcc with the feature backported ("-fstack-protector").

On an x86 "defconfig" build, this feature adds canary checks to about 3% of all kernel functions, which increases kernel code size by about 0.3%.



Raw data from LKDDb:


This page is automaticly generated with free (libre, open) software lkddb(see lkddb-sources).

The data is retrived from:

Automatic links from Google (and ads)

Custom Search

Popular queries:

Navigation: Linux Kernel Driver DataBase - web LKDDB: main index - S index

Automatically generated (in year 2018) with in lkddb-sources.