Based on StackGuard, Stack Smashing Protector (SSP) was developed by IBM's Hiroaki Etoh for protecting applications from stack smashing attacks. This is the single largest class of attacks. There has been some effort to include SSP in the mainstream GCC, but this has yet to surface. Many distributions have included SSP; some enable it by default while others leave it optional. This protection uses minimal time and space overhead while protecting all functions. Reports of a 1-2% performance loss are typical, which is negligible and can be easily overcome by optimizations.
The patch for GCC adds -fstack-protector-all, -fstack-protector, and -fno-stack-protector to extensions for C and C++. -Wstack-protector is also available to warn when SSP is not used. The patch for Libc adds __guard_setup and __stack_smash_handler to libc.so and libc.a. __guard_setup is a function used to create a unique and random value for __guard on each run. In the event of a stack overflow, the __stack_smash_handler function will use the Libc syslog facility to record the overflow, which typically depends on /dev/log, and will abort the program.
-fstack-protector only protects functions with arrays of length seven or less. -fstack-protector-all protects all functions regardless of array size. Because the __guard_setup function is in Libc, anything compiled with -fstack-protector* will need to preload libc.so (or libc.a). Most applications already do this. libc.so itself, ld.so, libbsd-compat.so, etc., are exceptions which do not preload libc.so, and so they cannot be built with this protection.
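The guard mechanism described above, modelled in portable C as an added example; it is not SSP's code or code from this page. The names model_guard, model_guard_setup, model_frame and model_call are hypothetical stand-ins, and the frame is emulated with a struct so the overrun stays within defined behaviour.

```c
/* Added illustration: a model of the guard check, not SSP's own code.
   All names are hypothetical; real SSP emits this logic in the compiler. */
#include <stdio.h>
#include <string.h>
#include <time.h>

static unsigned long model_guard;             /* stands in for __guard */

/* Stands in for __guard_setup: choose a fresh value once per run. */
static void model_guard_setup(void) {
    unsigned long g = 0;
    FILE *f = fopen("/dev/urandom", "rb");
    if (f) {
        if (fread(&g, sizeof g, 1, f) != 1) g = 0;
        fclose(f);
    }
    if (g == 0)                               /* weak fallback, model only */
        g = (unsigned long)time(NULL) ^ 0x5bd1e995UL;
    model_guard = g;
}

/* Modelled frame: the guard copy sits just past the local buffer, so a
   linear overrun of buf reaches it before the data saved beyond it. */
struct model_frame {
    char buf[16];
    unsigned long guard_copy;
    unsigned long saved_return;               /* stands in for control data */
};

/* Writes len bytes into the frame starting at buf[0], as an unchecked copy
   would, then runs the epilogue check. Returns 0 if the guard is intact,
   1 where the handler would log the overflow and abort. */
static int model_call(const unsigned char *input, size_t len) {
    struct model_frame fr;
    fr.guard_copy = model_guard;              /* prologue: store the guard */
    fr.saved_return = 0x1234;
    if (len > sizeof fr) len = sizeof fr;     /* keep the model in bounds */
    memcpy((unsigned char *)&fr, input, len);
    return fr.guard_copy != model_guard;      /* epilogue: compare */
}

int main(void) {
    unsigned char data[sizeof(struct model_frame)];  /* constructed input */
    memset(data, 'A', sizeof data);
    model_guard_setup();
    printf("16 bytes: %s\n", model_call(data, 16) ? "smashed" : "ok");
    printf("24 bytes: %s\n", model_call(data, 24) ? "smashed" : "ok");
    return 0;
}
```

A copy that fits the 16-byte buffer leaves the guard copy untouched; a single byte more changes it, which is the point at which the real handler would record the overflow and abort.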
See also:
Operating system distributors using SSP (there are many more):