LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

How do you compile a C program with all major buffer overflow protections enabled?

Enable stack canaries, ASLR (PIE), DEP (NX), and FORTIFY_SOURCE with these GCC flags:

gcc -o program program.c \
    -fstack-protector-strong \
    -D_FORTIFY_SOURCE=2 \
    -pie -fPIE \
    -Wl,-z,relro,-z,now \
    -Wformat -Wformat-security
Flag Protection
-fstack-protector-strong Stack canaries on functions with buffers
-D_FORTIFY_SOURCE=2 Runtime bounds checking for string functions
-pie -fPIE Position-Independent Executable (full ASLR)
-Wl,-z,relro,-z,now Read-only GOT (prevents GOT overwrite attacks)
-Wformat -Wformat-security Warns about format string vulnerabilities

To verify protections are active:

checksec --file=program

Tip: Modern Linux distributions enable most of these by default, but always verify for security-critical code.

Go deeper:

From Quiz: SPRG / Buffer Overflow | Updated: Jul 14, 2026