TraditionalMitigation

List all the traditional mitigations in compilers(GCC, Clang, etc.) to defend memory corruption

User space

Stack Protector
- -fstack-protector, -fstack-protector-all, -fstack-protector-strong
Heap protection
- enable by default
Double free checking
- enable by default
Libc pointer encryption
- enable by default
FORTIFY_SOURCE
- -D_FORTIFY_SOURCE=2-O2
Format String Protection
- -Wformat -Wformat-security
PIC/PIE
- -fPIC, -fPIE -pie
RELRO
- -Wl,-z,relro,-z,now
Stack clash protection
- -fstack-clash-protection

Kernel space

Stack Protector
- implemented in Linux Kernel
Slab/Slub/Slob Protection
- implemented in Linux kernel
FORTIFY_SOURCE
- implemented in Linux Kernel
NX
- implemented in Linux Kernel
SMAP/SMEP
- implemented in Linux kernel
ASLR(Address Space Layout Randomization)
- implemented in Linux Kernel
KASLR(Kernel Address Space Layout Randomization)
- implemented in Linux Kernel

References

[1] Secure Programming with GCC and GLibc

Name		Name	Last commit message	Last commit date
Latest commit History 11 Commits
RELRO		RELRO
StackProtector		StackProtector
fortify_source		fortify_source
.gitignore		.gitignore
LICENSE		LICENSE
Makefile		Makefile
README.md		README.md
make.rule		make.rule

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

RELRO

RELRO

StackProtector

StackProtector

fortify_source

fortify_source

.gitignore

.gitignore

LICENSE

LICENSE

Makefile

Makefile

README.md

README.md

make.rule

make.rule

Repository files navigation

TraditionalMitigation

User space

Kernel space

References

About

Releases

Packages

Languages

License

hardenedlinux/TraditionalMitigation

Folders and files

Latest commit

History

Repository files navigation

TraditionalMitigation

User space

Kernel space

References

About

Topics

Resources

License

Stars

Watchers

Forks

Languages