Stack Canaries
Stack canaries are a security mechanism used in computer programs to detect and prevent stack buffer overflow attacks. They involve placing a small, random value (the 'canary') on the stack between the local variables and the return address, and checking its integrity before a function returns. If the canary has been altered, it indicates a buffer overflow has occurred, and the program typically terminates to prevent exploitation.
Developers should learn and use stack canaries when building software in languages like C or C++ that are vulnerable to buffer overflows, especially for security-critical applications such as operating systems, web servers, or embedded systems. They are essential for mitigating common exploits like return-oriented programming (ROP) and should be implemented alongside other defenses like address space layout randomization (ASLR) and non-executable stacks to provide layered protection.
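The check described above, modeled in C as an added example (not code from the original page): a stack frame is simulated as a flat byte array so the unchecked copy stays memory-safe while still showing what the epilogue comparison catches. The frame layout, sizes, canary value, saved return address and the name `call_with_canary` are assumptions made for illustration; in a real build the compiler emits the prologue and epilogue code.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed frame model, lowest address first:
   [ 16-byte local buffer | 8-byte canary | 8-byte saved return address ] */
enum { BUF_LEN = 16, CANARY_OFF = 16, RET_OFF = 24, FRAME_LEN = 32 };

static const uint64_t SAVED_RET = 0x0000000000401136ULL; /* constructed value */

/* Simulates one call. Returns 0 if the canary is intact at the epilogue,
   1 if it was altered. *ret_out receives the return address held in the
   frame at that moment, so callers can see what a return would have used. */
int call_with_canary(const unsigned char *input, size_t len,
                     uint64_t canary, uint64_t *ret_out)
{
    unsigned char frame[FRAME_LEN] = {0};
    uint64_t found;

    /* Prologue: place the canary between the locals and the return address. */
    memcpy(frame + CANARY_OFF, &canary, sizeof canary);
    memcpy(frame + RET_OFF, &SAVED_RET, sizeof SAVED_RET);

    /* Body: the bug. len is never checked against BUF_LEN. It is clamped
       to the model frame only so this demonstration cannot corrupt memory. */
    if (len > FRAME_LEN)
        len = FRAME_LEN;
    memcpy(frame, input, len);

    /* Epilogue: compare the stored canary with the reference copy before
       the return address would be used. */
    memcpy(&found, frame + CANARY_OFF, sizeof found);
    memcpy(ret_out, frame + RET_OFF, sizeof *ret_out);
    return found != canary;
}

int main(void)
{
    unsigned char in[FRAME_LEN];
    uint64_t ret;
    uint64_t canary = 0x5fa3c1d27e9b4400ULL; /* constructed; real canaries are random */
    size_t lens[] = { 12, 16, 17, 32 };

    memset(in, 'A', sizeof in);
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        int hit = call_with_canary(in, lens[i], canary, &ret);
        printf("len=%2zu canary_altered=%d ret=0x%016llx\n",
               lens[i], hit, (unsigned long long)ret);
    }
    return 0;
}
```

A write that is contiguous from the buffer cannot reach the return address without first crossing the canary, which is why a single byte past the buffer is already detected while the return address is still intact.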