Quiz Entry - updated: 2026.07.14
How do you compile a C program with all major buffer overflow protections enabled?
Enable stack canaries, ASLR (PIE), DEP (NX), and FORTIFY_SOURCE with these GCC flags:
gcc -o program program.c \
-fstack-protector-strong \
-D_FORTIFY_SOURCE=2 \
-pie -fPIE \
-Wl,-z,relro,-z,now \
-Wformat -Wformat-security
| Flag | Protection |
|---|---|
-fstack-protector-strong |
Stack canaries on functions with buffers |
-D_FORTIFY_SOURCE=2 |
Runtime bounds checking for string functions |
-pie -fPIE |
Position-Independent Executable (full ASLR) |
-Wl,-z,relro,-z,now |
Read-only GOT (prevents GOT overwrite attacks) |
-Wformat -Wformat-security |
Warns about format string vulnerabilities |
To verify protections are active:
checksec --file=program
Tip: Modern Linux distributions enable most of these by default, but always verify for security-critical code.
Go deeper:
Buffer overflow protection (Wikipedia) — what canaries, RELRO, PIE/ASLR, and FORTIFY each defend against.