ELF binaries do not enforce secure binary properties

Description

Compilers, operating systems and processors provide a set of techniques that mitigate the risk of memory corruption vulnerabilities such as buffer overflows, and of memory exploitation techniques such as ROP (Return-Oriented Programming).

Native code can easily benefit from protections like:

  • RELRO: A memory protection technique that hardens against memory corruption exploitation techniques. RELRO prevents GOT overwrite attacks.
  • ASLR: A memory protection technique that hardens against memory corruption exploitation techniques. ASLR randomizes the address space of the binary to prevent controlled address jumps.
  • No eXecute: Marks memory regions as non-executable to harden against memory corruption exploitation techniques.
  • Stack canary: Adds a canary to memory that gets overwritten in the case of a memory corruption. The canary is checked at runtime to prevent the exploitation of the memory corruption vulnerability.

Recommendation

To ensure that the stack canary feature is enabled when compiling with GCC, specify one of the following compiler options:

  • For basic stack protection, use -fstack-protector.
  • For stronger protection, which also covers functions with local arrays or references to local frame addresses, use -fstack-protector-strong.
  • For comprehensive protection that adds the check to every function, use -fstack-protector-all.

Standards

  • OWASP_MASVS_L1:
    • MSTG_CODE_9
  • OWASP_MASVS_v2_1:
    • MASVS_CODE_2
  • OWASP_MASVS_L2:
    • MSTG_CODE_9
  • PCI_STANDARDS:
    • REQ_2_2