| Binary | Architecture | Packed | ASLR | Canary | NX | PIE | RELRO | Fortify | {% if binaries | count == 0 %}|||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| No binaries were found | |||||||||||||||
| {{ b.name }} | {{ b.data.arch }} | {{ b.data.packed }} | {% if b.data.aslr %}Yes{% else %} | No{% endif %} | {% if b.data.canary %}Yes{% else %} | No{% endif %} | {% if b.data.nx %}Yes{% else %} | No{% endif %} | {% if b.data.pie %}Yes{% else %} | No{% endif %} | {% if b.data.relro == "Full" %}Full {% elif b.data.relro == "Partial" %} | Partial {% else %} | No{% endif %} | {% if b.data.fortify %}Yes{% else %} | No{% endif %} |
Address space layout randomization (ASLR) is a computer security technique involved in preventing exploitation of memory corruption vulnerabilities. In order to prevent an attacker from reliably jumping to, for example, a particular exploited function in memory, ASLR randomly arranges the address space positions of key data areas of a process, including the base of the executable and the positions of the stack, heap and libraries.
Stack canaries are used to detect a stack buffer overflow before execution of malicious code can occur. This method works by placing a small integer, the value of which is randomly chosen at program start, in memory just before the stack return pointer. Most buffer overflows overwrite memory from lower to higher memory addresses, so in order to overwrite the return pointer (and thus take control of the process) the canary value must also be overwritten. This value is checked to make sure it has not changed before a routine uses the return pointer on the stack. This technique can greatly increase the difficulty of exploiting a stack buffer overflow because it forces the attacker to gain control of the instruction pointer by some non-traditional means such as corrupting other important variables on the stack
The NX bit (no-execute) is a technology used in CPUs to segregate areas of memory for use by either storage of processor instructions (code) or for storage of data, a feature normally only found in Harvard architecture processors. However, the NX bit is being increasingly used in conventional von Neumann architecture processors for security reasons. An operating system with support for the NX bit may mark certain areas of memory as non-executable. The processor will then refuse to execute any code residing in these areas of memory. The general technique, known as executable space protection, also called Write XOR Execute, is used to prevent certain types of malicious software from taking over computers by inserting their code into another program's data storage area and running their own code from within this section; one class of such attacks is known as the buffer overflow attack.
Position-independent executables (PIE) are executable binaries made entirely from position-independent code. While some systems only run PIC executables, there are other reasons they are used. PIE binaries are used in some security-focused Linux distributions to allow PaX or Exec Shield to use address space layout randomization to prevent attackers from knowing where existing executable code is during a security attack using exploits that rely on knowing the offset of the executable code in the binary, such as return-to-libc attacks.
Relocation Read-Only (RELRO) ensures that the Global Offset Table (GOT) cannot be overwritten in vulnerable ELF binaries. In practice there are two ways that RELRO can be implemented:
FullThe entire GOT and Procedure Linkage Table (PLT) is marked as read-only. This prevents hijacking of addresses stored in the GOT. This is considered the most secure implementation of RELRO
PartialThe non-PLT part of the GOT section is read only but .got.plt is still writeable. While the GOT is fully protected against writing it is still possible for an attacker to write to the PLT.