Problem: Attackers exploiting stack overrun bugs can gain control of an application Fix By: Compiling with -fstack-protector-strong Waive If: Don't Example: FAIL: stack-prot test because insufficient protection enabled Example: FAIL: stack-prot test because stack protection deliberately disabled Example: FAIL: stack-prot test because only some functions protected Example: FAIL: stack-prot test because insufficient Stack Safe sanitization
This test checks that the application has been compiled with stack protection enabled. For gcc this means using the -fstack-protector-strong option and for Clang the -fsanitize=safe-stack option. The gcc option does have some levels of protection other than strong, but strong is the only one that provides full protection.
The stack protection feature adds checks to compiled code that attempt to detect buffer overflows for local buffers. These are often a source of vulnerability that can be exploited by an attacker.
If necessary the test can be disabled via the --skip-stack-prot option and re-enabled via the --test-stack-prot option.