Recently I did a survey of how to set up stack execution protection and ASLR (Address Space Layout Randomization) on Windows and Linux. It took a lot of digging through material to find the answers, so I am summarizing them here:
| OS | Execution space protection | ASLR (Address Space Layout Randomization) | Description | Check Tool |
|---|---|---|---|---|
| Windows | Compiler Option: System option: | Compiler Option: System option: | Microsoft's Windows Vista (released January 2007), Windows Server 2008, Windows 7, and Windows Server 2008 R2 have ASLR enabled by default, although only for those executables and dynamic link libraries specifically linked to be ASLR-enabled.[7] This did not include Internet Explorer 7 on Windows Vista prior to Service Pack 1; ASLR and DEP are both disabled for application compatibility purposes. | Process Explorer, WinDbg, OllyDbg |
| Linux | Compiler (Link) Option: | Compiler Option: | Linux has enabled a weak[6] form of ASLR by default since kernel version 2.6.12 (released June 2005). | 1) http://www.trapkit.de/tools/checksec.html 4) Command |
Stack-check protection (stack canary) settings:

| OS | Compiler flag |
|---|---|
| Windows | /GS |
| Linux | -fstack-protector-all, -fstack-protector |
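The "Check Tool" column above and the stack-protector flags can be verified directly from a binary's ELF headers, which is what checksec.sh does under the hood. The following inspector is an added example, not the page's own tool and not checksec.sh itself: it parses the ELF32/ELF64 program headers and reports whether the stack is non-executable (PT_GNU_STACK without PF_X), whether the image is a PIE (e_type == ET_DYN, so ASLR can relocate it), and whether the `__stack_chk_fail` name occurs in the file (the runtime hook emitted by -fstack-protector*; a heuristic, as in checksec.sh). The constants are the standard elf.h values; `build_elf()` fabricates constructed sample images so the script runs offline.

```python
"""Minimal checksec-style ELF inspector (added example; not the page's own tool)."""
import struct

PT_GNU_STACK = 0x6474E551   # program header type carrying the stack permissions
PF_X = 0x1                  # p_flags bit: segment is executable
ET_EXEC = 2                 # fixed-address executable (no ASLR for its image)
ET_DYN = 3                  # shared object / PIE (relocatable, ASLR applies)


def _parse_headers(data: bytes):
    """Return (e_type, [(p_type, p_flags), ...]) for an ELF32 or ELF64 image."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    is64 = data[4] == 2                  # EI_CLASS: 1 = ELF32, 2 = ELF64
    end = "<" if data[5] == 1 else ">"   # EI_DATA: 1 = little-endian, 2 = big-endian
    (e_type,) = struct.unpack_from(end + "H", data, 16)
    if is64:
        (e_phoff,) = struct.unpack_from(end + "Q", data, 32)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 54)
    else:
        (e_phoff,) = struct.unpack_from(end + "I", data, 28)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 42)
    phdrs = []
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if is64:                         # Elf64_Phdr: p_type, p_flags come first
            p_type, p_flags = struct.unpack_from(end + "II", data, off)
        else:                            # Elf32_Phdr: p_flags sits at byte 24
            (p_type,) = struct.unpack_from(end + "I", data, off)
            (p_flags,) = struct.unpack_from(end + "I", data, off + 24)
        phdrs.append((p_type, p_flags))
    return e_type, phdrs


def checksec(data: bytes) -> dict:
    """Report NX stack, PIE and stack-canary status of an ELF image held in memory."""
    e_type, phdrs = _parse_headers(data)
    stack_flags = [flags for ptype, flags in phdrs if ptype == PT_GNU_STACK]
    # A missing PT_GNU_STACK is treated as an executable stack, the historical
    # Linux/x86 behaviour that checksec.sh also assumes.
    nx = bool(stack_flags) and not (stack_flags[0] & PF_X)
    return {
        "nx": nx,
        "pie": e_type == ET_DYN,
        "canary": b"__stack_chk_fail" in data,   # heuristic: symbol name present
    }


def build_elf(is64: bool, e_type: int, phdrs, tail: bytes = b"") -> bytes:
    """Construct a minimal, non-runnable ELF image (headers only) for exercising checksec()."""
    if is64:
        ident = b"\x7fELF" + bytes([2, 1, 1, 0, 0]) + b"\x00" * 7
        ehdr = struct.pack("<16sHHIQQQIHHHHHH", ident, e_type, 62, 1, 0, 64, 0, 0,
                           64, 56, len(phdrs), 64, 0, 0)
        body = b"".join(struct.pack("<IIQQQQQQ", t, f, 0, 0, 0, 0, 0, 0) for t, f in phdrs)
    else:
        ident = b"\x7fELF" + bytes([1, 1, 1, 0, 0]) + b"\x00" * 7
        ehdr = struct.pack("<16sHHIIIIIHHHHHH", ident, e_type, 3, 1, 0, 52, 0, 0,
                           52, 32, len(phdrs), 40, 0, 0)
        body = b"".join(struct.pack("<IIIIIIII", t, 0, 0, 0, 0, 0, f, 0) for t, f in phdrs)
    return ehdr + body + tail


# Constructed samples (not real binaries): a legacy non-PIE executable with an
# executable stack and no canary, and a hardened PIE with an RW stack and a canary.
WEAK_EXE = build_elf(True, ET_EXEC, [(1, 5), (PT_GNU_STACK, 7)])
HARDENED_PIE = build_elf(True, ET_DYN, [(1, 5), (PT_GNU_STACK, 6)], b"\x00__stack_chk_fail\x00")

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, checksec(fh.read()))
    if not sys.argv[1:]:
        print("weak sample:    ", checksec(WEAK_EXE))
        print("hardened sample:", checksec(HARDENED_PIE))
```

Run it with one or more paths (`python3 elfcheck.py /usr/bin/ls`) to inspect real binaries, or with no arguments to see the two constructed samples. The canary check is the same shortcut checksec.sh takes: a statically linked or stripped binary can carry canaries without the name being visible, so treat a "canary: False" as "not proven" rather than "absent".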
The possible values of randomize_va_space are:

| Value | Description |
|---|---|
| 0 | ASLR is disabled |
| 1 | All supported forms of ASLR are enabled, except heap randomization |
| 2 | All supported forms of ASLR are enabled |
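The setting above can be observed directly: with randomization on, the stack (and with value 2 the heap) of every freshly started process lands at a different address. The script below is an added example, not part of the original post; it assumes a Linux host with /proc and a `cat` binary, reads the current randomize_va_space value, and compares the `[stack]` and `[heap]` mappings across several short-lived processes. The `/proc/PID/maps` excerpts embedded in it are constructed samples so the parsing logic can be exercised offline.

```python
"""Observe kernel.randomize_va_space by comparing mappings of fresh processes
(added example; assumes Linux with /proc and a `cat` binary)."""
import re
import subprocess

# address range, perms, offset, dev, inode, optional pathname
MAPS_LINE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S+)\s+\S+\s+\S+\s+\S+\s*(.*)$")


def region_start(maps_text: str, name: str) -> int:
    """Return the start address of the mapping whose pathname column equals `name`."""
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line)
        if m and m.group(4) == name:
            return int(m.group(1), 16)
    raise KeyError(name)


def randomized(samples, name: str = "[stack]") -> bool:
    """True when the named region is not at the same address in every sample."""
    starts = {region_start(text, name) for text in samples}
    return len(starts) > 1


def read_randomize_va_space() -> int:
    """Current value of the sysctl, as an integer 0/1/2."""
    with open("/proc/sys/kernel/randomize_va_space") as fh:
        return int(fh.read().strip())


def sample_maps(n: int = 5):
    """Spawn n short-lived processes and capture each one's own /proc/self/maps."""
    return [
        subprocess.run(["cat", "/proc/self/maps"], capture_output=True,
                       text=True, check=True).stdout
        for _ in range(n)
    ]


# Constructed /proc/PID/maps excerpts: two runs with ASLR on, two with it off.
ASLR_ON = [
    "7ffd2c1f3000-7ffd2c214000 rw-p 00000000 00:00 0                          [stack]\n",
    "7ffc85a0e000-7ffc85a2f000 rw-p 00000000 00:00 0                          [stack]\n",
]
ASLR_OFF = [
    "7ffffffde000-7ffffffff000 rw-p 00000000 00:00 0                          [stack]\n",
    "7ffffffde000-7ffffffff000 rw-p 00000000 00:00 0                          [stack]\n",
]

if __name__ == "__main__":
    print("kernel.randomize_va_space =", read_randomize_va_space())
    maps = sample_maps()
    for region in ("[stack]", "[heap]"):
        try:
            print(region, "randomized across runs:", randomized(maps, region))
        except KeyError:
            print(region, "not present in the sampled process")
```

Running it on a host with value 0 prints `False` for both regions; with value 1 the stack moves while a non-PIE program's heap stays put, and with value 2 both move. Changing the value is done with `sysctl -w kernel.randomize_va_space=2` (or the matching line in sysctl.conf) and takes effect for processes started afterwards.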
The possible values of exec-shield are:

| Value | Description |
|---|---|
| 0 | Exec-shield (including randomized VM mapping) is disabled for all binaries, marked or not |
| 1 | Exec-shield is enabled for all marked binaries (default) |
| 2 | Exec-shield is enabled for all binaries, regardless of marking (to be used for testing purposes ONLY) |
On Linux there is also the execstack command, which sets the executable-stack flag of a library or executable. Its options are:

| Option | Description |
|---|---|
| | Clear executable stack flag bit |
| -q, --query | Query executable stack flag bit |
| -s, --set-execstack | Set executable stack flag bit |
I hope this helps everyone protect against buffer overflows on Windows and Linux.