Stack protection

Updated: May 06, 2022

Stack cookies provide protection against stack buffer overflow on stack-allocated variables, preventing program misbehaviours.

They are enabled by any of the following compiler options:

-fstack-protector
Protects any function that declares a character array of eight bytes or more in length on its stack.
-fstack-protector-all
Protects all functions.
-fstack-protector-strong
Balanced between -fstack-protector and -fstack-protector-all, the purpose of this option is to gain performance while sacrificing little security by broadening the scope of the stack protection without extending it to every function in the program.
QNX Neutrino compile utilities include -fstack-protector-strong by default.

Binaries built for QNX Neutrino are built with a non-executable stack by default. The stack’s executable state is found in a QNX-specific ELF note of type QNT_STACK.

The following example command checks the executable state of the less utility:

$ elfnote -t QNT_STACK -p less 
QNX specific note (name = QNX, type = 3) 
type : QNT_STACK 
stacksize : 0 
stackalloc : 4096 
executable : no 
hex : 000000000010000001000000 

For more information on QNX Neutrino note types, see the elfnote entry in the Utilities Reference.

You can use the qchecksec utility to determine both whether stack cookies are enabled for a binary and a stack's executable state. See the qchecksec entry in the Utilities Reference.