[cfe-users] Disabling stack protection on OSX 10.11

Mark Wadham via cfe-users cfe-users at lists.llvm.org
Tue Sep 29 09:08:36 PDT 2015


Not sure if this is the right place to ask this question but I'll try 

I can't seem to disable the stack protection on OSX 10.11 using clang 

$ clang --version
Apple LLVM version 7.0.0 (clang-700.0.72)
Target: x86_64-apple-darwin15.0.0
Thread model: posix

Compiling with:

gcc -o a a.c -fno-stack-protector -D_FORTIFY_SOURCE=0 

I've also used change_mach_o_flags.py to set the heap executable and am 
also setting:

sysctl -w vm.allow_stack_exec = 1

If I then write a test program that handles a buffer in an unsafe way, I 
can overflow it and get rip to jump to say, the address of an 
environment variable, but as soon as that happens the system segfaults 
as if it's being caught by stack protection.

Not sure if this output from vmmap from a running instance of the 
compiled program is useful:

# vmmap 49625 |grep -i stack
STACK GUARD            00007fff58157000-00007fff5b957000 [ 56.0M] 
---/rwx SM=NUL  stack guard for thread 0
Stack                  00007fff5b957000-00007fff5c157000 [ 8192K] 
rw-/rwx SM=PRV  thread 0
STACK GUARD                       56.0M        2
Stack                             8192K        2

Is there some new kernel-based stack protection that can't be turned off 
in 10.11?

Any help much appreciated.


More information about the cfe-users mailing list