Binary Security Features

Security features in binaries make programs harder to exploit and manipulate. They mitigate the impact of bugs such as buffer overflows and of weaknesses such as predictable memory layouts.

For a given binary, security features can be enumerated using pwndbg's checksec command.

Typical example of checksec output:

pwndbg> checksec
File:     /home/admin/sboxshare/ropemporium/split/split
Arch:     amd64
RELRO:      Partial RELRO
Stack:      No canary found
NX:         NX enabled
PIE:        No PIE (0x400000)
Stripped:   No

Stack Canaries

Stack canaries are used to verify the integrity of the stack. Every time the program is run, a secret value is placed on the stack. The value is checked on every function return. If it has changed, the stack has likely been modified or tampered with, and the program is aborted.

If stack canaries are disabled, exploits through buffer overflows are much easier to achieve.

No eXecute (NX)

Also known as Data Execution Prevention (DEP), this feature makes the stack non-executable. This prevents custom shellcode that has been inserted into the stack from being executed.

Binaries with NX enabled are immune to this form of shellcode injection.

Position-Independent Executable (PIE)

PIE and Address Space Layout Randomization (ASLR) randomize the location of the program in memory, making it harder to build exploits that rely on hard-coded addresses. In practice, this means that any symbol addresses (like libc) have to be leaked every time the program runs.
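
The fields in the checksec output above can be derived from ELF metadata, which is useful for auditing build outputs without a debugger. The following is an added example, not pwndbg's own code: `elf_hardening` and `build_elf` are hypothetical names, the sample image is constructed inline, and the canary check is a symbol-name heuristic.

```python
import struct

PT_DYNAMIC, PT_GNU_STACK, PT_GNU_RELRO = 2, 0x6474E551, 0x6474E552
ET_EXEC, ET_DYN, PF_X, PF_W, PF_R = 2, 3, 1, 2, 4
DT_BIND_NOW, DT_FLAGS, DF_BIND_NOW = 24, 30, 0x8

def elf_hardening(data: bytes) -> dict:
    """Derive checksec-style fields from a little-endian ELF64 image."""
    if data[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a little-endian ELF64 file")
    (e_type,) = struct.unpack_from("<H", data, 16)
    (e_phoff,) = struct.unpack_from("<Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    nx = relro = bind_now = False  # a missing PT_GNU_STACK is treated as executable stack
    for i in range(e_phnum):
        p_type, p_flags, p_offset, _, _, p_filesz = struct.unpack_from(
            "<IIQQQQ", data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            nx = not p_flags & PF_X          # NX: stack segment lacks the execute flag
        elif p_type == PT_GNU_RELRO:
            relro = True                     # relocations become read-only after startup
        elif p_type == PT_DYNAMIC:
            for off in range(p_offset, p_offset + p_filesz, 16):
                tag, val = struct.unpack_from("<qQ", data, off)
                if tag == DT_BIND_NOW or (tag == DT_FLAGS and val & DF_BIND_NOW):
                    bind_now = True          # eager binding upgrades RELRO to "Full"
    return {
        "RELRO": ("Full" if bind_now else "Partial") if relro else "None",
        "Canary": b"__stack_chk_fail" in data,  # heuristic: canary failure handler is referenced
        "NX": nx,
        "PIE": e_type == ET_DYN,  # shared objects are ET_DYN as well
    }

def build_elf(e_type, stack_flags, relro=False, dyn=(), extra=b""):
    """Constructed sample: ELF64 header and program headers only, not a runnable binary."""
    phdrs = [(PT_GNU_STACK, stack_flags, 0, 0)]
    if relro:
        phdrs.append((PT_GNU_RELRO, PF_R, 0, 0))
    dyn_bytes = b"".join(struct.pack("<qQ", t, v) for t, v in dyn)
    if dyn_bytes:
        phdrs.append((PT_DYNAMIC, PF_R | PF_W, 64 + 56 * (len(phdrs) + 1), len(dyn_bytes)))
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0, 64, 56, len(phdrs), 0, 0, 0)
    body = b"".join(struct.pack("<IIQQQQQQ", t, f, o, 0, 0, n, n, 8) for t, f, o, n in phdrs)
    return ehdr + body + dyn_bytes + extra

if __name__ == "__main__":
    print(elf_hardening(build_elf(ET_EXEC, PF_R | PF_W, relro=True)))
```

The constructed image in the `__main__` block has the same profile as the checksec output above: Partial RELRO, no canary, NX enabled, no PIE.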