Stack protection

They are enabled by any of the following compiler options:

-fstack-protector

Protects any function that declares a character array of eight bytes or more in length on its stack.

-fstack-protector-all

Protects all functions.

-fstack-protector-strong

Balanced between -fstack-protector and -fstack-protector-all, the purpose of this option is to gain performance while sacrificing little security by broadening the scope of the stack protection without extending it to every function in the program.

By default, qcc implicitly uses the -fstack-protector-strong option. However, when you directly invoke either ntoaarch64-gcc or ntox86_64-gcc, -fstack-protector-strong is not implicitly used.

In addition, qcc does not implicitly use -fstack-protector-strong when you specify any of the following compiler or linker options:

• -fno-stack-protector
• -fstack-protector
• -fstack-protector-all
• -ffreestanding
• -nostdlib

Binaries built for QNX Neutrino are built with a non-executable stack by default. The stack’s executable state is found in a QNX-specific ELF note of type QNT_STACK.

The following example command checks the executable state of the less utility:

$ elfnote -t QNT_STACK -p less 
QNX specific note (name = QNX, type = 3) 
type : QNT_STACK 
stacksize : 0 
stackalloc : 4096 
executable : no 
hex : 000000000010000001000000 

For more information on QNX Neutrino note types, see the elfnote entry in the Utilities Reference.

You can use the qchecksec utility to determine both whether stack cookies are enabled for a binary and a stack's executable state. See the qchecksec entry in the Utilities Reference.