Questions tagged [gcc]

GCC is the GNU Compiler Collection. It's the de facto standard C compiler on Linux and supports many other languages and platforms as well.

30 questions
72 votes · 6 answers

Is it dangerous to compile arbitrary C?

I have a small server and I would like to check compile times on C programs provided by users. The programs would never be run, only compiled. What risks are there to allowing users to compile arbitrary C using gcc 5.4.0?
68 votes · 2 answers

What is the most hardened set of options for GCC compiling C/C++?

What set of GCC options provide the best protection against memory corruption vulnerabilities such as Buffer Overflows, and Dangling Pointers? Does GCC provide any type of ROP chain mitigation? Are there performance concerns or other issues that…

asked by rook (46,916 rep; 10 gold, 92 silver, 181 bronze badges)
15 votes · 3 answers

Compiling a buffer overflow example in modern Linux?

I'm trying to compile a simple buffer overflow example on a Debian i386 VM. The executable builds ok, but EIP does not get overwritten correctly despite being supplied a sufficiently large input to overflow the buffer and overwrite the pushed EIP…

asked by B-MO (313 rep; 2 silver, 6 bronze badges)
6 votes · 2 answers

Is it possible to crack g++ rand()?

So, I have this: I know that some code was used to generate a random sequence, and it looked roughly like this: #include #include int main() { const std::string alphabet =…

asked by Akiiino (161 rep; 5 bronze badges)
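An added example (not part of the question or its answers) of what "cracking" rand() means in practice. It assumes the program links against glibc, whose rand() is the default random() generator (TYPE_3: 31 words of state, taps at distance 31 and 3, low bit of each word discarded), and that the attacker sees full 31-bit rand() outputs. The seed 12345, the function names and the sample run are constructed for this example; the seeding and stepping code mirrors glibc's srandom_r()/random_r() so that the block runs the same on any libc, and main() cross-checks it against the real rand() when built on glibc.

```c
/*
 * Added example: predicting glibc rand() from its own output.
 * glibc's default generator keeps 31 words and steps them as
 *     r[i] = r[i-31] + r[i-3]  (mod 2^32),   output = r[i] >> 1
 * Only the dropped low bit hides the state, so after 31 observed outputs
 * every later output is predictable up to an off-by-one.
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DEG 31          /* words of state (TYPE_3) */
#define SEP 3           /* distance between the two taps */

typedef struct {
    int32_t state[DEG];
    int fptr, rptr;     /* the two tap indices, as in glibc's random_r() */
} glibc_rng;

/* One step of glibc's random_r(): state[f] += state[r]; return state[f] >> 1. */
static uint32_t glibc_next(glibc_rng *g)
{
    uint32_t val = (uint32_t)g->state[g->fptr] + (uint32_t)g->state[g->rptr];
    g->state[g->fptr] = (int32_t)val;
    if (++g->fptr >= DEG) {
        g->fptr = 0;
        ++g->rptr;
    } else if (++g->rptr >= DEG) {
        g->rptr = 0;
    }
    return val >> 1;    /* glibc: "chucking least random bit" */
}

/* glibc's srandom_r(): a Park-Miller LCG fills the table, then 310 outputs are discarded. */
static void glibc_srand(glibc_rng *g, unsigned int seed)
{
    if (seed == 0)
        seed = 1;
    g->state[0] = (int32_t)seed;
    int64_t word = seed;
    for (int i = 1; i < DEG; i++) {
        int64_t hi = word / 127773;
        int64_t lo = word % 127773;
        word = 16807 * lo - 2836 * hi;      /* 16807 * word mod (2^31 - 1), Schrage's method */
        if (word < 0)
            word += 2147483647;
        g->state[i] = (int32_t)word;
    }
    g->fptr = SEP;
    g->rptr = 0;
    for (int i = 0; i < DEG * 10; i++)
        (void)glibc_next(g);
}

/* Attacker side: given the last 31 outputs (oldest first), the next one is
 * (o[i-31] + o[i-3]) mod 2^31, or that plus one when the two dropped low bits carried. */
static uint32_t predict_next(const uint32_t hist[DEG])
{
    return (hist[0] + hist[DEG - SEP]) & 0x7fffffffu;
}

/* Observe DEG outputs, then predict the next n.  Returns the number of predictions
 * that were wrong (neither p nor p+1); *exact receives how many matched exactly. */
static int crack_and_verify(glibc_rng *g, int n, int *exact)
{
    uint32_t hist[DEG];
    int misses = 0, hits = 0;
    for (int i = 0; i < DEG; i++)
        hist[i] = glibc_next(g);
    for (int k = 0; k < n; k++) {
        uint32_t p = predict_next(hist);
        uint32_t actual = glibc_next(g);
        if (actual == p)
            hits++;
        else if (actual != ((p + 1) & 0x7fffffffu))
            misses++;
        memmove(hist, hist + 1, (DEG - 1) * sizeof hist[0]);
        hist[DEG - 1] = actual;
    }
    if (exact)
        *exact = hits;
    return misses;
}

/* Wrappers: wrong predictions, and exact-hit percentage, for one seed. */
static int crack_seed(unsigned int seed, int n)
{
    glibc_rng g;
    glibc_srand(&g, seed);
    return crack_and_verify(&g, n, NULL);
}

static int exact_rate_percent(unsigned int seed, int n)
{
    glibc_rng g;
    int exact = 0;
    glibc_srand(&g, seed);
    (void)crack_and_verify(&g, n, &exact);
    return exact * 100 / n;
}

int main(void)
{
    glibc_rng g;
    glibc_srand(&g, 12345u);            /* constructed seed, not from the question */
#ifdef __GLIBC__
    srand(12345u);                      /* sanity check against the real generator */
    for (int i = 0; i < 3; i++) {
        uint32_t mine = glibc_next(&g), real = (uint32_t)rand();
        printf("rand() = %u  reimplementation = %u  %s\n", real, mine,
               mine == real ? "ok" : "MISMATCH");
    }
#endif
    printf("seed 12345: %d wrong out of 1000 predictions, %d%% exact, the rest off by one\n",
           crack_seed(12345u, 1000), exact_rate_percent(12345u, 1000));
    return 0;
}
```

Build with `gcc -std=c11 -O2 -o crack_rand crack_rand.c`. About three quarters of the predictions land exactly and the rest are off by one, which is enough to enumerate every candidate sequence. The example assumes the 31-bit outputs are visible; if the program only exposes `rand() % alphabet.size()`, as the question's snippet suggests, the information per output is too small for this shortcut, and the usual route is instead to brute-force the 32-bit seed (often `time(NULL)`) with the same reimplementation and compare the reduced outputs.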
5 votes · 2 answers

Is compiling untrusted code safe?

I'm curious about compiling with gcc/g++/clang with the assumption that headers and implementation files are user-provided, but not the build configuration. (i.e., no cd lib && make) What if the user could provide object files to link against too…

asked by PSkocik (270 rep; 1 silver, 8 bronze badges)
5 votes · 1 answer

Bypass va_randomize_space and stack-protector

Is a program compiled with the GCC -fstack-protector option and running in a Linux environment with the va_randomize_space kernel variable set to 1 totally protected against buffer overflow attacks? If not, what is the common technique to produce a…

asked by Davide Berra (153 rep; 1 silver, 6 bronze badges)
5 votes · 1 answer

Compiling with GCC retpoline flags

As of version 8 (later backported to 7.3), GCC has added retpoline support [0]. While I understand that it is intended[citation needed] for use in kernel patching for Spectre (ie: [1][2]), that does not prevent normal developers from using those…

asked by esote (371 rep; 2 silver, 12 bronze badges)
5 votes · 1 answer

How does GCC's -mmitigate-rop work?

GCC 6 has a flag, -mmitigate-rop, which compiles binaries in a way that reduces the number of gadgets exploitable by ROP. The GCC documentation explaining this feature is minimal: -mmitigate-rop Try to avoid generating code sequences that contain…

asked by forest (64,616 rep; 20 gold, 206 silver, 257 bronze badges)
5 votes · 1 answer

Software mitigation for Spectre v2

I run Debian as my OS and Guix as my package manager. I also run (approximately) latest kernel built using Guix. According to spectre-meltdown-checker, my kernel has mitigation for v1, v2 and v3. However, latest stable GCC (7.3) has implemented…

asked by Alex Vong (182 rep; 6 bronze badges)
5 votes · 1 answer

Gentoo Hardened vs other distros

I was wondering if the hardened profile from Gentoo was really more secure than any other distro (like Debian, RHEL, Arch ...). For those who don't know, Gentoo hardened allows a system to be built system-wide with specific hardening GCC options…

asked by Rabbit (53 rep; 1 silver, 4 bronze badges)
4 votes · 2 answers

How does gcc compiler guard stack for stack overflow?

When we compile a C program with gcc, we have to include the "-z execstack" option to enable a stack overflow attack. The question I want to ask is how gcc implements this. Without this option, how does gcc guard the stack? Please explain to me in detail…

asked by popo (61 rep; 1 silver, 4 bronze badges)
4 votes · 1 answer

Custom EXE Template Metasploit 64-bit ASM PE Syntax

I asked this previously then deleted since I think I asked the question without gearing it towards msfvenom and custom EXE templates. There is a 64-bit Windows PE written in assembly that ships with Metasploit that I am trying to compile to an EXE…
3 votes · 1 answer

the state of ASLR, PIE, SSP on Debian in 2018?

As far as I remember, most Debian Wheezy packages were not compiled with those useful security flags (ASLR, PIE, SSP, and more). Did the situation improve with Debian Squeeze or the upcoming Debian Buster? By comparison, Ubuntu and Fedora have a…

asked by puzzle (81 rep; 6 bronze badges)
3 votes · 0 answers

How to exploit a stack-overflow without setting -mpreferred-stack-boundary=2

I have been playing with some wargames and I ported some of them on my Linux machine as well. I noticed that when not using -mpreferred-stack-boundary=2, gcc might compile "main" with an interesting prologue/epilogue: effectively "relying on $ecx…

asked by nilminus (31 rep; 2 bronze badges)
2 votes · 1 answer

How do I compare the safety of a compiled program with optimization flag?

I would like to know how I can know which is the safest compilation line, that is: Having several compilation lines in, for example, GCC, how do I know which one is more secure? Hardening would be a good solution? What do you recommend? Does the…

asked by sgio (21 rep; 3 bronze badges)