Master the fundamental concepts of binary exploitation through this focused micro-challenge.
A stack canary is a randomly chosen value placed on the stack between local variables and the saved return address. Before the function returns, the canary is checked. If it changed, a buffer overflow occurred and the program aborts via __stack_chk_fail().
The compiler inserts checks automatically with -fstack-protector:
fs:0x28 on x64)__stack_chk_fail() and terminates the processCanary types:
strcpy)You will demonstrate how a canary detects buffer overflow corruption and document what happens when __stack_chk_fail fires. Canaries do not prevent overflow, but they stop the attacker from controlling RIP unless they can leak the canary value first.
Attackers leak the canary value through format string bugs or partial reads, then include the correct canary in their overflow payload to pass the check. The canary sits in a thread-local slot at fs:0x28 on Linux x64, copied onto the stack at function entry. Building with -fstack-protector-all protects every function, not just those with char arrays, at a small performance cost.
Implement a C program that demonstrates stack canaries.
Requirements:
Success Criteria:
Three hints are available for this task, revealed one at a time inside the code workspace so you can struggle productively before seeing them.
All starter code and reference implementations are available for your local setup.
View on Github