Security Hardening

Purpose

A buffer overflow attack exploits a buffer overflow vulnerability. Buffer overflow is a common and dangerous vulnerability in various operating systems and application software. Buffer overflow attacks may cause programs to fail, or cause the system to shut down or restart.

Over 50% of widely exploited network and distributed system security vulnerabilities are buffer overflows. The most dangerous buffer overflow is the stack overflow. By exploiting a stack overflow, attackers can change a function's return address to a random address, so that the program crashes when the function returns, resulting in denial of service. Attackers can also change the return address to point to malicious code, for example, code that jumps to a shell and then executes malicious code.

Solution

Stack protection compiler options are provided to harden software security and prevent stack overflow attacks. You can run the clang --help | grep stack-protector command to view stack protection options.
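
The following added example (not part of the original documentation or the compiler's own code) models in plain C the guard-value check that stack protection places between a function's local buffers and its saved return address. The frame layout, the constants, and the names `struct frame` and `call_with_input` are hypothetical; real instrumentation is generated by the compiler and aborts the program instead of returning a status.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed guard value; a real canary is chosen randomly at program start. */
#define CANARY 0x00c0ffee5afe0a0dULL

/* Hypothetical model of a stack frame, from low to high address. */
struct frame {
    char     buf[16];   /* local buffer */
    uint64_t canary;    /* guard written by the function prologue */
    uint64_t ret;       /* saved return address */
};

enum result { RETURNED_OK, CANARY_SMASHED, RET_HIJACKED };

/* Copies n bytes to the start of the frame without checking the size of buf
 * (the bug being modeled). The copy is clamped to the modeled frame so the
 * demonstration itself never writes outside its own object. */
static enum result call_with_input(const void *in, size_t n, int protect)
{
    struct frame f;
    const uint64_t saved_ret = 0x401136;    /* constructed address */

    memset(&f, 0, sizeof f);
    f.canary = CANARY;                      /* prologue: store the guard */
    f.ret = saved_ret;

    if (n > sizeof f)
        n = sizeof f;
    memcpy(&f, in, n);                      /* unchecked copy into buf */

    if (protect && f.canary != CANARY)      /* epilogue: verify the guard */
        return CANARY_SMASHED;              /* a protected binary aborts here */
    return f.ret == saved_ret ? RETURNED_OK : RET_HIJACKED;
}

int main(void)
{
    unsigned char in[sizeof(struct frame)];
    memset(in, 'A', sizeof in);             /* constructed input */

    printf("8 bytes, protected:    %d\n", call_with_input(in, 8, 1));
    printf("32 bytes, unprotected: %d\n", call_with_input(in, sizeof in, 0));
    printf("32 bytes, protected:   %d\n", call_with_input(in, sizeof in, 1));
    return 0;
}
```

Because the guard sits directly above the buffer, an overflow that reaches the return address must pass through it, so the corruption is detected before the function returns.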