I have enabled the GCC Format Security feature in menuconfig and managed to compile successfully. How do I check whether GCC format security is active and able to protect the router from buffer overflow attacks? Are there any tools that I could use to check?
Add a couple of lines with a vulnerability to some arbitrary .c file that you know gets compiled? There are some examples that should trigger the warning at https://fedoraproject.org/wiki/Format-Security-FAQ; it seems like it could be as simple as this:
```c
char foo[10240];
scanf("%s", foo);
printf(foo); /* Bzzzt! */
```
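A complementary check that needs no planted bug, as an added example that is not part of the thread: audit a verbose build log to see which format-security flags actually reached each compile command. The function names and the `cross-gcc` command lines are hypothetical, constructed sample input; feed it your own build's verbose output instead.

```shell
#!/bin/sh
# Added example. Reads compiler command lines on stdin and prints
# "<status><TAB><source>" for every compile step (-c ... file.c):
#   enforced   printf(foo) stops the build
#   warn-only  printf(foo) only prints a warning
#   missing    the check never ran for that file
# GCC ignores -Wformat-security unless -Wformat (or -Wall) is also on,
# and a later -Wno-... flag cancels an earlier one, so order matters.
audit_format_security() {
    awk '{
        fmt = sec = err = werr = 0; src = ""; is_compile = 0
        for (i = 1; i <= NF; i++) {
            t = $i
            if (t == "-c") is_compile = 1
            else if (t ~ /\.c$/) src = t
            else if (t == "-Wall" || t == "-Wformat" || t == "-Wformat=1") fmt = 1
            else if (t == "-Wformat=2") { fmt = 1; sec = 1 }
            else if (t == "-Wno-format" || t == "-Wformat=0") fmt = 0
            else if (t == "-Wformat-security") sec = 1
            else if (t == "-Wno-format-security") sec = 0
            else if (t == "-Werror=format-security") { sec = 1; err = 1 }
            else if (t == "-Wno-error=format-security") err = -1
            else if (t == "-Werror") werr = 1
        }
        if (!is_compile || src == "") next      # skip link steps and noise
        if (!(fmt && sec)) status = "missing"
        else if (err == 1 || (werr && err == 0)) status = "enforced"
        else status = "warn-only"
        printf "%s\t%s\n", status, src
    }'
}

# Constructed sample input: "cross-gcc" stands in for the real toolchain.
sample_log() {
    cat <<'EOF'
cross-gcc -Os -Wformat -Werror=format-security -c src/httpd.c -o httpd.o
cross-gcc -Os -Wall -Wformat-security -c src/cgi.c -o cgi.o
cross-gcc -Os -Wformat -Werror=format-security -Wno-format-security -c src/log.c -o log.o
cross-gcc -Os -Werror=format-security -c src/upnp.c -o upnp.o
cross-gcc -o httpd httpd.o cgi.o log.o upnp.o
EOF
}

sample_log | audit_format_security
```

Any file reported as `missing` or `warn-only` would compile the `printf(foo)` test above without failing the build, which is usually a package overriding the global CFLAGS.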