Non Executable Stack vs Stack Canaries

Developers should understand and use Non Executable Stack when building secure applications, especially in systems programming, embedded systems, or any environment prone to memory corruption vulnerabilities. Developers should learn and use stack canaries when building software in languages like C or C++ that are vulnerable to buffer overflows, especially for security-critical applications such as operating systems, web servers, or embedded systems. Here's our take.

🧊Nice Pick

Non Executable Stack

Developers should understand and use Non Executable Stack when building secure applications, especially in systems programming, embedded systems, or any environment prone to memory corruption vulnerabilities

Pros

  • +It is critical for preventing stack-based attacks, such as return-oriented programming (ROP), and is a standard practice in modern operating systems like Linux (with PaX or Exec Shield) and Windows (with Data Execution Prevention)
  • +Related to: buffer-overflow-protection, memory-protection

Cons

  • -Specific tradeoffs depend on your use case

Stack Canaries

Developers should learn and use stack canaries when building software in languages like C or C++ that are vulnerable to buffer overflows, especially for security-critical applications such as operating systems, web servers, or embedded systems

Pros

  • +They are essential for mitigating common exploits like return-oriented programming (ROP) and should be implemented alongside other defenses like address space layout randomization (ASLR) and non-executable stacks to provide layered protection
  • +Related to: buffer-overflow, memory-safety

Cons

  • -Specific tradeoffs depend on your use case

The Verdict

Use Non Executable Stack if: you want a defense that is critical for preventing stack-based attacks, such as return-oriented programming (ROP), and is a standard practice in modern operating systems like Linux (with PaX or Exec Shield) and Windows (with Data Execution Prevention), and you can live with tradeoffs that depend on your use case.

Use Stack Canaries if: you prioritize a mitigation that is essential against common exploits like return-oriented programming (ROP) and that should be implemented alongside other defenses like address space layout randomization (ASLR) and non-executable stacks to provide layered protection, over what Non Executable Stack offers.

The Bottom Line
Non Executable Stack wins

Developers should understand and use Non Executable Stack when building secure applications, especially in systems programming, embedded systems, or any environment prone to memory corruption vulnerabilities