Enable -fstack-protector buffer overflow detection (EXPERIMENTAL)
configname: CONFIG_CC_STACKPROTECTOR
Linux Kernel Configuration
└─>Processor type and features
└─>Enable -fstack-protector buffer overflow detection (EXPERIMENTAL)
In linux kernel since version 2.6.19 (release Date: 2006-11-29)
This option turns on the -fstack-protector GCC feature. This
feature puts, at the beginning of functions, a canary value on
the stack just before the return address, and validates
the value just before actually returning. Stack based buffer
overflows (that need to overwrite this return address) now also
overwrite the canary, which gets detected and the attack is then
neutralized via a kernel panic.
This feature requires gcc version 4.2 or above, or a distribution
gcc with the feature backported. Older versions are automatically
detected and for those versions, this configuration option is
ignored. (and a warning is printed during bootup)
feature puts, at the beginning of functions, a canary value on
the stack just before the return address, and validates
the value just before actually returning. Stack based buffer
overflows (that need to overwrite this return address) now also
overwrite the canary, which gets detected and the attack is then
neutralized via a kernel panic.
This feature requires gcc version 4.2 or above, or a distribution
gcc with the feature backported. Older versions are automatically
detected and for those versions, this configuration option is
ignored. (and a warning is printed during bootup)