From the course: Threat Modeling: Denial of Service and Elevation of Privilege


Stack canaries to protect your code


- [Narrator] Beyond managing variables, compilers, linkers, and related tools can provide meaningful defenses. There are two basic forms, validation and randomization. In this context, validation means adding checks to make sure memory is laid out the way the system expects it to be, while randomization moves memory around to make it harder for an attacker to plan their attack. A good example of a validation defense is a stack canary. This is a secret value that gets written onto the end of the stack. Many attacks work by overwriting the stack and replacing the return pointer that tells the CPU what to do when it's done with the instructions for a given function. So we put a canary on the stack and if the canary dies, so does our program. A moment's thought should lead you to why that's the right thing. Another validation style defense is to mark some memory as non-executable. When an attacker jumps to non-executable…
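The canary check described above, simulated in C as an added example (not code from the course): a fixed array stands in for one stack frame, the canary sits just past the local buffer where the saved return address would follow, and the epilogue check fails when a copy runs past the buffer. The frame layout, the constant canary, and the function names are constructed for the demo; a real compiler (GCC/Clang with `-fstack-protector`) inserts the equivalent prologue and epilogue itself and aborts via `__stack_chk_fail` on mismatch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for one stack frame: a local buffer followed by the
 * canary the compiler would place between it and the saved return address.
 * Both live in one array so every write in this demo stays well-defined. */
#define BUF_SIZE 16
#define CANARY_SIZE 8
#define FRAME_SIZE (BUF_SIZE + CANARY_SIZE)

/* A real canary is drawn from a random source at process start; this
 * constant is a stand-in. The leading 0x00 mirrors the common trick of
 * making string-copy functions stop before they can reproduce the canary. */
static const uint8_t CANARY[CANARY_SIZE] = {0x00, 0xC0, 0xFF, 0xEE,
                                            0xBA, 0xAD, 0xF0, 0x0D};

/* Function prologue: clear the buffer and write the canary after it. */
void frame_enter(uint8_t frame[FRAME_SIZE]) {
    memset(frame, 0, BUF_SIZE);
    memcpy(frame + BUF_SIZE, CANARY, CANARY_SIZE);
}

/* Function epilogue: 1 if the canary is intact, 0 if it "died". */
int frame_canary_intact(const uint8_t frame[FRAME_SIZE]) {
    return memcmp(frame + BUF_SIZE, CANARY, CANARY_SIZE) == 0;
}

/* A copy that trusts the caller's length, like a buffer-overflow bug would.
 * Writes are clamped to the frame so the demo never leaves the array; in a
 * real program the overrun would continue into the saved return address. */
int copy_into_frame(size_t len, const uint8_t *src) {
    uint8_t frame[FRAME_SIZE];
    frame_enter(frame);
    if (len > FRAME_SIZE) len = FRAME_SIZE;
    memcpy(frame, src, len);           /* no check against BUF_SIZE */
    return frame_canary_intact(frame); /* 1 = return normally, 0 = abort */
}

/* Drive the simulation with a constructed input of `len` filler bytes. */
int simulate_copy(size_t len) {
    uint8_t src[FRAME_SIZE];
    memset(src, 'A', sizeof src);
    return copy_into_frame(len, src);
}

int main(void) {
    printf("16-byte copy: canary %s\n", simulate_copy(16) ? "intact" : "died, abort");
    printf("24-byte copy: canary %s\n", simulate_copy(24) ? "intact" : "died, abort");
    return 0;
}
```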
