I'm reading about Canaries on the buffer overflow protection wiki and don't understand how to tell which canaries are used in a program, that being terminator, random and random XOR. I'm on Debian 32-bit with a program in C with GCC version 10.3.0. After compiling with -fstack-protector and looking at what I think is the value stored on the stack for the canary, I see that the value changes every time the program is started. Does this mean that random canaries are used? Is there a way to know absolutely what type of canary is used? Is it listed somewhere in GCC docs or can the types be determined looking at the program in GDB?
asked Oct 19, 2021 at 0:38 by adrewSchucany

Two helpful articles: sans.org/blog/stack-canaries-gingerly-sidestepping-the-cage, and mcuoneclipse.com/2019/09/28/…. To answer your question: it sounds like your particular version of GCC is using a random canary (or perhaps a random XOR canary). Other types might include Null canary, Terminator canary and Custom canary. You can always generate assembly output ("gcc -S myfile.c" with "-fstack-protector" or "-fstack-protector-all"), or look at the GCC source code.
Commented Oct 19, 2021 at 0:50
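The following is an added example, not code from the question or the comment above. It shows how to inspect the canary a process was given and classify it into the categories the asker took from the wiki (terminator, random, random XOR). It assumes a Linux x86 target, where GCC's stack protector reads the guard value from thread-local storage at %fs:0x28 on x86-64 and %gs:0x14 on i386 (the same load you will see in `gcc -S` output, which is the check the comment suggests); on other targets the read function returns 0 and the example says so. The classification function is a hypothetical helper written for this example: it reports a pure terminator canary (only NUL, CR, LF and 0xff bytes), a random canary containing a NUL byte (what glibc installs on little-endian targets by forcing the lowest byte to zero, so it also stops C-string overwrites), or a fully random value. A random XOR canary cannot be told apart from a random one by looking at the stored value, since the XOR variant differs in how the value is checked, not in what sits on the stack.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Kinds of canary this example distinguishes. Hypothetical helper names,
   chosen for this example; they mirror the categories from the wiki. */
enum canary_kind {
    CANARY_TERMINATOR,        /* only NUL / CR / LF / 0xff bytes */
    CANARY_RANDOM_WITH_NULL,  /* random bytes, at least one of them zero */
    CANARY_RANDOM             /* random bytes, no zero byte */
};

static unsigned byte_at(uintptr_t v, size_t i) {
    return (unsigned)((v >> (8 * i)) & 0xffu);
}

/* Classify a canary value byte by byte. A genuinely random word could by
   chance consist only of terminator bytes, but the odds are negligible. */
enum canary_kind classify_canary(uintptr_t v) {
    int all_terminators = 1, has_zero = 0;
    for (size_t i = 0; i < sizeof v; i++) {
        unsigned b = byte_at(v, i);
        if (b == 0x00) has_zero = 1;
        if (b != 0x00 && b != 0x0a && b != 0x0d && b != 0xff) all_terminators = 0;
    }
    if (all_terminators) return CANARY_TERMINATOR;
    return has_zero ? CANARY_RANDOM_WITH_NULL : CANARY_RANDOM;
}

const char *canary_kind_name(enum canary_kind k) {
    switch (k) {
    case CANARY_TERMINATOR:       return "terminator";
    case CANARY_RANDOM_WITH_NULL: return "random with a NUL byte";
    default:                      return "random";
    }
}

/* Read the canary the C library installed for this process. GCC's stack
   protector loads it from thread-local storage: %fs:0x28 on x86-64 and
   %gs:0x14 on i386 (the latter is what the asker's 32-bit Debian build uses).
   Returns 0 on other targets, where this example does not know the location. */
uintptr_t read_own_canary(void) {
    uintptr_t v = 0;
#if defined(__linux__) && defined(__x86_64__)
    __asm__ __volatile__("mov %%fs:0x28, %0" : "=r"(v));
#elif defined(__linux__) && defined(__i386__)
    __asm__ __volatile__("mov %%gs:0x14, %0" : "=r"(v));
#endif
    return v;
}

int main(void) {
    uintptr_t c = read_own_canary();
    if (c == 0) {
        puts("canary location unknown for this target");
        return 0;
    }
    /* Run the binary twice: the value differs per process (random), and on
       glibc the printed value always ends in 00 (the forced NUL byte). */
    printf("canary = 0x%0*lx  kind = %s\n", (int)(2 * sizeof c),
           (unsigned long)c, canary_kind_name(classify_canary(c)));
    return 0;
}
```

Build it with `gcc -fstack-protector canary_kind.c -o canary_kind` and run it a few times: a changing value confirms the asker's observation that the canary is random per process, and a value ending in `00` shows the NUL terminator byte that glibc adds on top of the randomness. Whether GCC emits a plain compare or an XOR against control data is visible only in the generated code, which is why `gcc -S` remains the way to settle that part.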