Tables that list and describe gcc and linker flags that deal with protection mechanisms of Linux binaries.

| Flag | Description |
|---|---|
| `-fno-stack-protector` | Canary is disabled |
| `-fstack-protector` | Canary is enabled for functions with potentially vulnerable objects (default) |
| `-fstack-protector-all` | Canary is enabled for all functions |

| Flag | Description |
|---|---|
| `-z noexecstack` | Data is not executable (default) |
| `-z execstack` | Disable NX, data is executable |

| Flag | Description |
|---|---|
| `-no-pie` | Binary will not be Position Independent Executable |
| `-pie` | Binary will be Position Independent Executable (default) |

| Flag | Description |
|---|---|
| `-Wl,-z,norelro` | Relocation read-only will be disabled |
| `-Wl,-z,relro` | Partial RELRO, forces the GOT to come before the BSS in memory (default) |
| `-Wl,-z,relro,-z,now` | Full RELRO, GOT will be read-only |

| Flag | Description |
|---|---|
| `-D_FORTIFY_SOURCE=1 -O1` | Disabled (default) |
| `-D_FORTIFY_SOURCE=2 -O2` | Enabled, perform extra checks when employing various string and memory manipulation functions |

Note: `-O<n>` sets the compiler optimization level.

This is not a flag, but I decided to place this here either way. The commands below set ASLR for the entire system.

Enable:

```sh
echo 2 | sudo tee /proc/sys/kernel/randomize_va_space
```

Disable:

```sh
echo 0 | sudo tee /proc/sys/kernel/randomize_va_space
```

Flags passed with `-z` are sent directly to the linker.

Compile binary with NX disabled:

```sh
gcc target.c -o target -z execstack
```

Compile binary without canary:

```sh
gcc target.c -o target -fno-stack-protector
```