Explain what is a canary in the context of compiler implemen

Explain what is a canary in the context of compiler implemented counter measures against buffer overflow attacks. Where is the canary value placed in the stack frame and how should it be used when a function call returns in order to detect a buffer overflow attack attempt?

Solution

Answer:

Counter Measures against Buffer overflow attacks

Three main counter measures can help prevent buffer-overflow attacks those are mentioned below

1)Disable un needed services.

2)Protect your Linux systems with either a firewall or a host-based intrusion prevention system (IPS).

3)Enable another access control mechanism, such as TCP Wrappers, that authenticates users with a password.

where is the canary value placed in the stack frame

stack frame:
a)when one function calls another it needs somewhere to save the return address.

b)also needs locations to save the parameters to be passed in to the called function and to possibly save register values.

=> canary values modify a program\'s stack frame to detect but not prevent buffer overflow attacks, imposing a worst case behavior for the system under attack. Notable examples of canary value systems are StackGuard and ProPolice.

=> The compiler generates additional instructions, so that the function prologue will add a so-called canary value to the stack frame between the return address and the local variables.