| As computer and Internet have been widely used, the system security becomes more and more important. On Internet more and more systems face the big challenge of security, most of which come from the attacks of buffer overflows, and the most popular ways to attack the system are through stack or heap overflows. The lack of C/C++ program security or programmer's care is the reason of buffer overflow attacks. Since the Stack overflows attack can easily be performed and be very popular in buffer overflow attack, we should pay close attention on it. This kind of attacks is generally achieved by the carelessness of border condition check through modifying the process of local variables in stack to inject attack codes and thus change the operation procedure of program. It is the most dangerous attack just because of the possibility of obtains the authority of remote system administrators. In recent, there are many methods to prevent stack overflow attacks roughly by program compile, OS core, Structure of CPU etc. A few of them have the great impact, such as Stackguard which put Canary to detect the stack overflow; Stackshield which save the return address to guarantee the correct operation procedure; Libsafe which replace the insecurity library by the security one; Soloaris and Linux which provide the not executable stack and so on. They open up the later thinking. We will try to solve the problem through compiling open software GCC. Fist, we simply introduce the front content of GCC. The AST parsing tree will be built through source code, and then the RTL will be generated. Finally, the RTL will be handed to the back end. Last, we provide two kinds of separating data and code stack program runtime environments. Furthermore, we will analyze the security and compatibility of this structure. And briefly introduce how to realize the separating stack program runtime environment in GCC. |
PDF Full Text Request