5

I was looking for a way to enable stack canaries for my iOS application in Swift, but then I found that in recent versions of Xcode the flag required to enable stack canaries is enabled by default. So then I was looking for a way to ensure the stack canaries are enabled, and as other sites say, I tried the otool command in the terminal (`$ otool -Iv appName | grep stack_chk`), expecting it to return the 'stack_chk_guard' and 'stack_chk_fail' flags, but it did not return any value/flags. I then tried manually setting the flag '-fstack-protector-all' under 'Other C Flags', but I still could see no flags with the otool command.

What am I missing here? Or am I misinterpreting something? How can I assure myself that stack canaries are enabled for my application?

XiOS

1 Answer

11

Looks like you are doing everything correctly. Please double check:

  1. You are setting the `-fstack-protector-all` flag in the main target's "Other C Flags", or you are setting it in the project settings and have `$(inherited)` in the target build settings.
  2. Build your application and check in the build log (in the Report Navigator, cmd+8) where the AppName.app package is.
  3. `cd path-to-package/AppName.app`
  4. Use otool on the binary file: `otool -Iv AppName | grep stack`

Alexey Kozhevnikov
  • Am doing the exact 4 steps exactly.. no idea what's going wrong. – XiOS Sep 04 '17 at 19:51
  • @XiOS do you have a single Objective-C file in your project? – Alexey Kozhevnikov Sep 04 '17 at 19:57
  • There are a few header files included actually @Aleksey – XiOS Sep 05 '17 at 02:31
  • Ok, I just saw that stack canaries are enabled by default for one of my projects in the workspace and not for the other.. not sure yet what the reason would be.. – XiOS Sep 05 '17 at 03:15
  • In Xcode 9.2 (targeting iOS 11.2), the Build Settings "Other C Flags" seem to also support `fstack-protector-strong` (https://outflux.net/blog/archives/2014/01/27/fstack-protector-strong/) per the grep. However, in Xcode 9.2, the Report Navigator is now mapped to cmd+9. I am working on an Ionic3 (Cordova 7.1.0) project and after setting these flags and rebuilding the iOS project, all is good. I found my executable to grep (Foo) in /platforms/ios/Foo.xcarchive/Products/Applications/Foo.app/ – Russ Jan 17 '18 at 19:52
  • What should the output of the otool command be to indicate stack canaries are enabled vs disabled? – Jordan H Sep 06 '22 at 17:21
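
The check from step 4, as an added example that is not part of the original answer or comments: a shell script that classifies `otool -Iv` output by whether the stack-protector imports are present. The function names and the sample `otool` output are constructed for illustration; on Mach-O the symbols appear with an extra leading underscore (`___stack_chk_fail`, `___stack_chk_guard`).

```shell
#!/bin/sh
# Added example: decide from `otool -Iv` output whether a Mach-O binary
# imports the stack-protector symbols. All names here are hypothetical.

# Reads `otool -Iv <binary>` output on stdin and prints:
#   enabled - both the failure handler and the guard value are imported
#   partial - only one of the two symbols is listed
#   absent  - neither symbol is listed
classify_canary() {
    awk '
        # The symbol name is the last field of each indirect-symbol row.
        $NF ~ /^_+stack_chk_fail$/  { fail = 1 }
        $NF ~ /^_+stack_chk_guard$/ { guard = 1 }
        END {
            if (fail && guard)      print "enabled"
            else if (fail || guard) print "partial"
            else                    print "absent"
        }'
}

# $1 is the executable inside AppName.app (step 3 of the answer above).
check_binary() {
    command -v otool >/dev/null 2>&1 || { echo "otool not found" >&2; return 2; }
    out=$(otool -Iv "$1") || return 2
    printf '%s\n' "$out" | classify_canary
}

# Constructed sample: binary built with the stack protector.
sample_protected() {
    cat <<'EOF'
AppName:
Indirect symbols for (__TEXT,__stubs) 2 entries
address            index name
0x0000000100007f10    12 ___stack_chk_fail
0x0000000100007f1c    15 _objc_msgSend
Indirect symbols for (__DATA,__got) 1 entries
address            index name
0x0000000100008000    13 ___stack_chk_guard
EOF
}

# Constructed sample: no stack-protector imports.
sample_unprotected() {
    cat <<'EOF'
AppName:
Indirect symbols for (__TEXT,__stubs) 2 entries
address            index name
0x0000000100007f10    15 _objc_msgSend
0x0000000100007f1c    16 _printf
EOF
}

if [ "$#" -gt 0 ]; then check_binary "$1"; fi
```

With plain `-fstack-protector`, clang only instruments functions that meet its heuristic (for example, those with local character arrays), so `absent` can also mean no function qualified; `-fstack-protector-all` instruments every function compiled by clang.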