Highest Voted 'gcc' Questions - IT Security Stack Exchange

72

votes

6 answers

Is it dangerous to compile arbitrary C?

I have a small server and I would like to check compile times on C programs provided by users. The programs would never be run only compiled. What risks are there to allowing users to compile arbitrary C using gcc 5.4.0?

c gcc

asked Oct 06 '16 at 02:01

Sriotchilism O'Zaic

523
1
4
7

68

votes

2 answers

What is the most hardened set of options for GCC compiling C/C++?

What set of GCC options provide the best protection against memory corruption vulnerabilities such as Buffer Overflows, and Dangling Pointers? Does GCC provide any type of ROP chain mitigation? Are there performance concerns or other issues that…

buffer-overflow gcc c++

asked Nov 24 '12 at 03:25

rook

46,916
10
92
181

15

votes

3 answers

Compiling a buffer overflow example in modern Linux?

I'm trying to compile a simple buffer overflow example on a Debian i386 VM. The executable builds ok, but EIP does not get overwritten correctly despite being supplied a sufficiently large input to overflow the buffer and overwrite the pushed EIP…

buffer-overflow aslr dep gcc

asked Sep 15 '15 at 06:41

B-MO

313
2
6

6

votes

2 answers

Is it possible to crack g++ rand()?

So, I have this: I know that some code was used to generate a random sequence, and it looked roughly like this: #include #include int main() { const std::string alphabet =…

exploit random c++ gcc

asked Mar 30 '16 at 14:03

Akiiino

161
5

5

votes

2 answers

Is compiling untrusted code safe?

I'm curious about compiling with gcc/g++/clang with the assumption that headers and implementation files are user-provided, but not the build configuration. (i.e., no cd lib && make) What if the user could provide object files to link against too…

c c++ gcc

asked Jul 01 '15 at 12:05

PSkocik

270
1
8

5

votes

1 answer

Bypass va_randomize_space and stack-protector

Is a program compiled with the GCC -fstack-protector option and running in a Linux environment with the va_randomize_space kernel variable set to 1, totally protected against buffer overflow attacks? If not, what is the common technique to produce a…

attacks linux buffer-overflow gcc

asked Apr 11 '13 at 08:51

Davide Berra

153
1
6

5

votes

1 answer

Compiling with GCC retpoline flags

As of version 8 (later backported to 7.3), GCC has added retpoline support [0]. While I understand that it is intended[citation needed] for use in kernel patching for Spectre (ie: [1][2]), that does not prevent normal developers from using those…

c spectre compiler gcc

asked May 21 '18 at 02:40

esote

371
2
12

5

votes

1 answer

How does GCC's -mmitigate-rop work?

GCC 6 has a flag, -mmitigate-rop, which compiles binaries in a way that reduces the number gadgets exploitable by ROP. The GCC documentation explaining this feature is minimal: -mmitigate-rop Try to avoid generating code sequences that contain…

compiler gcc rop

asked Mar 10 '18 at 07:08

forest

64,616
20
206
257

5

votes

1 answer

Software mitigation for Spectre v2

I run Debian as my OS and Guix as my package manager. I also run (approximately) latest kernel built using Guix. According to spectre-meltdown-checker, my kernel has mitigation for v1, v2 and v3. However, latest stable GCC (7.3) has implemented…

spectre gcc

asked Feb 14 '18 at 18:13

Alex Vong

182
6

5

votes

1 answer

Gentoo Hardened vs other distros

I was wondering if the hardened profile from Gentoo was really more secure than any other distro (like Debian, RHEL, Arch ...). For those who don't know, Gentoo hardened allows a system to be built system-wide with specific hardening GCC options…

hardening gcc

asked Mar 16 '16 at 19:40

Rabbit

53
1
4

4

votes

2 answers

How does gcc compiler guard stack for stack overflow?

When we compile c program with gcc, we have to inlude "-z execstack" option to enable stack overflow attack. The question I want to ask is how does gcc implement this . Without this option, how does gcc guard the stack? Please explain me in detail…

stack-overflow gcc

asked May 25 '18 at 12:30

popo

61
1
4

4

votes

1 answer

Custom EXE Template Metasploit 64-bit ASM PE Syntax

I asked this previously then deleted since I think I asked the question without gearing it towards msfvenom and custom EXE templates. There is a 64-bit Windows PE written in assembly that ships with Metasploit that I am trying to compile to an EXE…

metasploit assembly gcc msfvenom

asked Jan 17 '18 at 04:05

user9225381

41
2

3

votes

1 answer

the state of ASLR, PIE, SSP on Debian in 2018?

As far as I remember, most Debian Wheezy packages were not compiled with those useful security flags (ASLR, PIE, SSP, and more). Did the situation improve with Debian Squeeze or the upcoming Debian Buster ? By comparison, Ubuntu and Fedora have a…

hardening aslr debian gcc

asked Aug 10 '18 at 11:04

puzzle

81
6

3

votes

0 answers

How to exploit a stack-overflow without setting -mpreferred-stack-boundary=2

I have been playing with some wargames and I ported some of then on my Linux machine as well. I noticed that when not using -mpreferred-stack-boundary=2, gcc might compile "main" with an interesting prologue/epilogue: effectively "relying on $ecx…

gcc exploit

asked Jan 09 '16 at 20:04

nilminus

31
2

2

votes

1 answer

How do I compare the safety of a compiled program with optimization flag?

I would like to know how I can know which is the safest compilation line, that is: Having several compilation lines in, for example, GCC, how do I know which one is more secure? Hardening would be a good solution? What do you recommend? Does the…

linux c hardening compiler gcc

asked Mar 10 '21 at 14:59

sgio

21
3

Questions tagged [gcc]