Medium ELF binaries do not enforce secure binary properties

Description

RELRO: RELRO is a memory protection technique to harden against memory corruption exploitation techniques. RELRO prevents GOT overwrite attacks.

ASLR: ASLR is a memory protection technique to harden against memory corruption exploitation techniques. ASLR randomizes the address space of the binary to prevent controlled address jumps.

No eXecute: Marks memory regions as non-executable to harden against memory corruption exploitation techniques.

Stack canary: Adds a canary to memory that gets overwritten in the case of a memory corruption. The canary is checked at runtime to prevent the exploitation of the memory corruption vulnerability.

Recommendation

If the stack canary is missing: compilers such as GCC enable this feature when it is requested through compiler options:

  • -fstack-protector: Check for stack smashing in functions with vulnerable objects. This includes functions with buffers larger than 8 bytes or calls to alloca.
  • -fstack-protector-strong: Like -fstack-protector, but also includes functions with local arrays or references to local frame addresses.
  • -fstack-protector-all: Check for stack smashing in every function.

Technical details

Binary lib/arm64-v8a/libapp.so:

  • Does not enforce full RELRO
RELRO           STACK CANARY      NX            PIE             RPATH      RUNPATH      FILE
No RELRO        No canary found   NX enabled    DSO             No RPATH   No RUNPATH   lib/arm64-v8a/libapp.so

Binary lib/armeabi-v7a/libapp.so:

  • Does not enforce full RELRO
RELRO           STACK CANARY      NX            PIE             RPATH      RUNPATH      FILE
No RELRO        No canary found   NX enabled    DSO             No RPATH   No RUNPATH   lib/armeabi-v7a/libapp.so