Awesome
TraditionalMitigation
List all the traditional mitigations in compilers(GCC, Clang, etc.) to defend memory corruption
User space
-
Stack Protector
-fstack-protector,-fstack-protector-all,-fstack-protector-strong
-
Heap protection
- enable by default
-
Double free checking
- enable by default
-
Libc pointer encryption
- enable by default
-
FORTIFY_SOURCE
-D_FORTIFY_SOURCE=2-O2
-
Format String Protection
-Wformat -Wformat-security
-
PIC/PIE
-fPIC,-fPIE -pie
-
RELRO
-Wl,-z,relro,-z,now
-
Stack clash protection
-fstack-clash-protection
Kernel space
-
Stack Protector
- implemented in Linux Kernel
-
Slab/Slub/Slob Protection
- implemented in Linux kernel
-
FORTIFY_SOURCE
- implemented in Linux Kernel
-
NX
- implemented in Linux Kernel
-
SMAP/SMEP
- implemented in Linux kernel
-
ASLR(Address Space Layout Randomization)
- implemented in Linux Kernel
-
KASLR(Kernel Address Space Layout Randomization)
- implemented in Linux Kernel