Engineering LibreTexts

15.4: Code Injection Protections


    A number of methods have been developed and implemented to protect against the stack buffer overflow. Some of these methods are summarized here. It must be noted that none of these methods is perfect.

    Stack Smashing Protector (or Canaries)

    The stack smashing protector, also referred to as stack canaries, is used to detect a stack buffer overflow before the injected code can execute. It works by placing an integer, the value of which is randomly chosen at program start, in memory just before the return address (the saved rip) in the call frame. In order to overwrite the return address, and thus execute the injected code, the canary value must also be overwritten. The canary value is checked to make sure it has not changed before a routine pops the return address.

    For the GNU g++ compiler, this option (-fstack-protector) is enabled by default. It can be turned off with the -fno-stack-protector compiler option. Turning it off would be necessary in order to test the injection techniques outlined in this chapter using a C/C++ program.
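    The following C program is an added example, not code from the original text: it models the canary check in a plain byte array laid out like a frame (local buffer, then the canary word, then the saved return address) so the mechanism can be observed without corrupting the real stack. The frame layout, the placeholder return address 0x401136, the xorshift "random" canary and the scripted inputs are all constructed for the illustration; a real -fstack-protector build takes its canary from the loader and, on a mismatch in the function epilogue, calls __stack_chk_fail, which prints "*** stack smashing detected ***" and aborts instead of returning.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Simulated frame layout, mirroring a real x86-64 frame: the local buffer sits
 * at the lowest address, the canary word just above it, and the saved return
 * address above that. This is a plain byte array, not the machine stack. */
#define BUF_SIZE   16
#define CANARY_OFF BUF_SIZE
#define RIP_OFF    (BUF_SIZE + sizeof(uint64_t))
#define FRAME_SIZE (RIP_OFF + sizeof(uint64_t))
#define DEMO_RIP   0x0000000000401136ULL   /* constructed placeholder return address */

enum frame_result { FRAME_OK = 0, FRAME_CANARY_SMASHED = 1 };

/* Stand-in for the loader choosing a fresh canary at program start
 * (xorshift, not cryptographic; a real canary comes from the kernel/libc). */
uint64_t make_canary(uint64_t seed)
{
    uint64_t x = seed ? seed : 0x9E3779B97F4A7C15ULL;
    x ^= x << 13; x ^= x >> 7; x ^= x << 17;
    return x;
}

/* One simulated call: install canary and return address, perform the same
 * unchecked copy a strcpy into a local buffer would, then run the epilogue
 * check. Returns FRAME_OK or FRAME_CANARY_SMASHED; *rip_out receives whatever
 * now sits in the return-address slot so the caller can see the damage. */
int run_frame(const uint8_t *input, size_t len, uint64_t canary, uint64_t *rip_out)
{
    uint8_t frame[FRAME_SIZE];
    uint64_t rip = DEMO_RIP, now;

    memset(frame, 0, sizeof frame);
    memcpy(frame + CANARY_OFF, &canary, sizeof canary);
    memcpy(frame + RIP_OFF, &rip, sizeof rip);

    if (len > FRAME_SIZE)
        len = FRAME_SIZE;          /* keep the model inside its own array */
    memcpy(frame, input, len);     /* the unchecked copy into the local buffer */

    memcpy(&now, frame + CANARY_OFF, sizeof now);
    if (rip_out)
        memcpy(rip_out, frame + RIP_OFF, sizeof *rip_out);

    /* What a -fstack-protector epilogue does before ret: if the canary changed,
     * call __stack_chk_fail and abort instead of popping the tampered address. */
    return now == canary ? FRAME_OK : FRAME_CANARY_SMASHED;
}

/* Scripted run 1: a 6-byte string (with NUL) that fits in the 16-byte buffer. */
int demo_in_bounds(uint64_t canary, uint64_t *rip_out)
{
    const uint8_t in[] = "hello";
    return run_frame(in, sizeof in, canary, rip_out);
}

/* Scripted run 2: 32 bytes of 'A', enough to cross the canary and reach the
 * return-address slot; the check fires before the frame is left. */
int demo_overflow(uint64_t canary, uint64_t *rip_out)
{
    uint8_t in[32];
    memset(in, 'A', sizeof in);
    return run_frame(in, sizeof in, canary, rip_out);
}

/* Convenience: contents of the return-address slot after either run. */
uint64_t rip_slot_after(int overflow, uint64_t canary)
{
    uint64_t rip = 0;
    if (overflow) demo_overflow(canary, &rip); else demo_in_bounds(canary, &rip);
    return rip;
}

int main(void)
{
    uint64_t canary = make_canary((uint64_t)time(NULL)), rip;
    printf("canary for this run: 0x%016llx\n", (unsigned long long)canary);
    printf("in-bounds copy : %s (rip slot 0x%llx)\n",
           demo_in_bounds(canary, &rip) == FRAME_OK ? "ok" : "smashed", (unsigned long long)rip);
    printf("oversized copy : %s (rip slot 0x%llx)\n",
           demo_overflow(canary, &rip) == FRAME_OK ? "ok" : "smashed", (unsigned long long)rip);
    return 0;
}
```

    The model also shows why the canary must be random per run: a fixed value could simply be written back by the same copy that overwrote it, which is exactly what the check relies on not happening.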

    Data Execution Prevention

    Data Execution Prevention (DEP) (for more information, refer to: http://en.Wikipedia.org/wiki/Data_Ex...ion_Prevention) is a security feature that marks areas of memory as either "executable" or "non-executable". Only code in an area marked "executable" is allowed to execute. Code that is injected into an area marked "non-executable" will not be allowed to execute. This helps prevent stack buffer overflow code injection.
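    On Linux, whether a program's stack is mapped executable is decided by the PT_GNU_STACK program header the linker writes into the ELF binary (readelf -lW shows it as GNU_STACK with RW or RWE flags; the linker's -z noexecstack / -z execstack options set it). The following C program is an added example, not code from the original text: it parses that header so a build can be checked for a non-executable stack before it ships. The ELF64 structure layouts and constants are written out to match the ELF specification (no <elf.h> needed), the sample images are constructed in memory purely to exercise the parser, and only little-endian ELF64 files are handled.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* ELF64 constants and layouts per the ELF specification (little-endian only). */
#define PT_GNU_STACK_VAL 0x6474e551u
#define PF_X_BIT 0x1u
#define PF_W_BIT 0x2u
#define PF_R_BIT 0x4u

typedef struct {
    uint8_t  e_ident[16];
    uint16_t e_type, e_machine;
    uint32_t e_version;
    uint64_t e_entry, e_phoff, e_shoff;
    uint32_t e_flags;
    uint16_t e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx;
} elf64_ehdr;                                   /* 64 bytes */

typedef struct {
    uint32_t p_type, p_flags;
    uint64_t p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_align;
} elf64_phdr;                                   /* 56 bytes */

enum stack_status { STACK_BAD_ELF = -1, STACK_NX = 0, STACK_EXEC = 1, STACK_NO_HEADER = 2 };

/* Walk the program headers of an in-memory ELF64 image and report what the
 * PT_GNU_STACK entry asks for. Every offset is bounds-checked against len. */
int elf64_stack_status(const uint8_t *image, size_t len)
{
    elf64_ehdr eh;
    if (len < sizeof eh) return STACK_BAD_ELF;
    memcpy(&eh, image, sizeof eh);
    if (memcmp(eh.e_ident, "\x7f" "ELF", 4) != 0) return STACK_BAD_ELF;
    if (eh.e_ident[4] != 2 || eh.e_ident[5] != 1)      /* EI_CLASS=ELFCLASS64, EI_DATA=LSB */
        return STACK_BAD_ELF;
    if (eh.e_phentsize != sizeof(elf64_phdr)) return STACK_BAD_ELF;
    for (uint16_t i = 0; i < eh.e_phnum; i++) {
        uint64_t off = eh.e_phoff + (uint64_t)i * sizeof(elf64_phdr);
        if (off > len || len - off < sizeof(elf64_phdr)) return STACK_BAD_ELF;
        elf64_phdr ph;
        memcpy(&ph, image + off, sizeof ph);
        if (ph.p_type == PT_GNU_STACK_VAL)
            return (ph.p_flags & PF_X_BIT) ? STACK_EXEC : STACK_NX;
    }
    return STACK_NO_HEADER;   /* no entry: the loader falls back to its default */
}

/* Constructed sample: a minimal header plus one PT_GNU_STACK entry (not a
 * loadable binary, just enough bytes to exercise the parser). */
size_t build_sample_elf(uint8_t *out, size_t cap, uint32_t stack_flags)
{
    elf64_ehdr eh; elf64_phdr ph;
    if (cap < sizeof eh + sizeof ph) return 0;
    memset(&eh, 0, sizeof eh); memset(&ph, 0, sizeof ph);
    memcpy(eh.e_ident, "\x7f" "ELF", 4);
    eh.e_ident[4] = 2; eh.e_ident[5] = 1; eh.e_ident[6] = 1;   /* 64-bit, LSB, version 1 */
    eh.e_type = 2; eh.e_machine = 62; eh.e_version = 1;        /* ET_EXEC, EM_X86_64 */
    eh.e_ehsize = sizeof eh; eh.e_phoff = sizeof eh;
    eh.e_phentsize = sizeof ph; eh.e_phnum = 1;
    ph.p_type = PT_GNU_STACK_VAL; ph.p_flags = stack_flags; ph.p_align = 16;
    memcpy(out, &eh, sizeof eh); memcpy(out + sizeof eh, &ph, sizeof ph);
    return sizeof eh + sizeof ph;
}

int sample_status(uint32_t stack_flags)
{
    uint8_t img[128];
    size_t n = build_sample_elf(img, sizeof img, stack_flags);
    return elf64_stack_status(img, n);
}

/* Check a real file on disk, e.g. a freshly built program. */
int file_stack_status(const char *path)
{
    FILE *f = fopen(path, "rb");
    if (!f) return STACK_BAD_ELF;
    uint8_t *buf = NULL, *tmp; size_t len = 0, cap = 0, n;
    do {
        if (len == cap) {
            cap = cap ? cap * 2 : 65536;
            if (!(tmp = realloc(buf, cap))) { free(buf); fclose(f); return STACK_BAD_ELF; }
            buf = tmp;
        }
        n = fread(buf + len, 1, cap - len, f); len += n;
    } while (n > 0);
    fclose(f);
    int r = elf64_stack_status(buf, len);
    free(buf);
    return r;
}

int main(int argc, char **argv)
{
    static const char *names[] = { "non-executable stack (NX)", "EXECUTABLE stack", "no PT_GNU_STACK header" };
    printf("sample RW  : %s\n", names[sample_status(PF_R_BIT | PF_W_BIT)]);
    printf("sample RWX : %s\n", names[sample_status(PF_R_BIT | PF_W_BIT | PF_X_BIT)]);
    if (argc > 1) {                       /* usage: ./a.out /path/to/binary */
        int r = file_stack_status(argv[1]);
        printf("%s : %s\n", argv[1], r < 0 ? "not a little-endian ELF64 file" : names[r]);
    }
    return 0;
}
```

    An assembly source with no .note.GNU-stack section makes GNU ld assume it needs an executable stack, so the check above reporting "EXECUTABLE stack" on a hand-written assembly program usually means that note (or -z noexecstack) is missing rather than that the operating system lacks DEP.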

    Address Space Layout Randomization

    Address space layout randomization (ASLR) is a technique to prevent an attacker from reliably jumping to the injected code. ASLR randomly arranges the address space positions of key data areas of a process, including the base of the executable and the positions of the stack, heap and libraries.
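    The following C program is an added example, not code from the original text: it prints one address from each region the paragraph lists (executable, global data, stack, heap, shared library) so that running it twice shows them moving, and it reads the Linux knob /proc/sys/kernel/randomize_va_space that controls how much is randomized. The knob and its meanings (0 off; 1 stack, mmap and VDSO; 2 also the heap/brk base) are Linux facts; the parsing helper and its accepted input shape are this example's own. Randomizing the executable's base additionally requires a position-independent build (gcc -pie), which current GCC/Ubuntu toolchains use by default.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int g_data_var = 1;   /* lives in the executable's data segment */

/* Parse the text of /proc/sys/kernel/randomize_va_space: a single digit 0-2,
 * optionally surrounded by whitespace. Anything else yields -1. */
int parse_aslr_level(const char *text)
{
    if (!text) return -1;
    while (isspace((unsigned char)*text)) text++;
    if (text[0] < '0' || text[0] > '2') return -1;
    const char *rest = text + 1;
    while (isspace((unsigned char)*rest)) rest++;
    return *rest == '\0' ? text[0] - '0' : -1;
}

const char *describe_aslr_level(int level)
{
    switch (level) {
    case 0:  return "disabled";
    case 1:  return "stack, mmap (shared libraries) and VDSO randomized";
    case 2:  return "as level 1, plus heap (brk) base randomized";
    default: return "unknown (not Linux, or /proc unavailable)";
    }
}

/* Read the kernel knob; -1 if it cannot be read on this system. */
int read_aslr_level(void)
{
    char buf[16] = {0};
    FILE *f = fopen("/proc/sys/kernel/randomize_va_space", "r");
    if (!f) return -1;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return parse_aslr_level(buf);
}

int main(void)
{
    int local = 0;
    void *heap = malloc(32);
    int level = read_aslr_level();

    printf("randomize_va_space = %d: %s\n", level, describe_aslr_level(level));
    printf("code  (main)    : %p\n", (void *)main);
    printf("data  (global)  : %p\n", (void *)&g_data_var);
    printf("stack (local)   : %p\n", (void *)&local);
    printf("heap  (malloc)  : %p\n", heap);
    printf("libc  (printf)  : %p\n", (void *)printf);
    puts("run again: with ASLR on, every line above should change");
    free(heap);
    return 0;
}
```

    If only the code and data lines stay fixed between runs, the binary was linked without -pie (or with -no-pie); the stack, heap and library lines depend on the kernel setting alone.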


    This page titled 15.4: Code Injection Protections is shared under a CC BY-NC-SA license and was authored, remixed, and/or curated by Ed Jorgensen.
