Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Guide to the Secure Configuration of Red Hat Enterprise Linux 9
System Settings
Kernel Configuration
Stack Protector buffer overlow detection
Stack Protector buffer overlow detection
An XCCDF Rule
Details
Profiles
Prose
Stack Protector buffer overlow detection
Medium Severity
This feature puts, at the beginning of functions, a canary value on the stack just before the return address, and validates the value just before actually returning. This configuration is available from kernel 4.18. The configuration that was used to build kernel is available at
/boot/config-*
. To check the configuration value for
CONFIG_STACKPROTECTOR
, run the following command:
grep CONFIG_STACKPROTECTOR /boot/config-*
For each kernel installed, a line with value "y" should be returned.