Stack canaries in Swift vs. Objective-C #6
Comments
titison
added a commit
to titison/checksec.rs
that referenced
this issue
Nov 11, 2023
`_swift_release` is the ARC symbol for swift according to: https://stackoverflow.com/questions/34700937/profiling-swift-with-instruments-what-exactly-is-swift-retain `___chkstk_darwin` is the Stack Canary symbol for swift according to: https://forums.swift.org/t/what-is-chkstk-darwin/59519
titison
added a commit
to titison/checksec.rs
that referenced
this issue
Nov 12, 2023
`_swift_release` is the ARC symbol for swift according to: https://stackoverflow.com/questions/34700937/profiling-swift-with-instruments-what-exactly-is-swift-retain `___chkstk_darwin` is the Stack Canary symbol for swift according to: https://forums.swift.org/t/what-is-chkstk-darwin/59519
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
checksec.rs seems to be the only checksec tool that also checks Mach-O files. I stumbled upon this tool due to this check. However, the stack canaries check looks up symbols related to Objective-C code, which is also suggested in guides such as the Mobile Security Testing Guide. According to what I read on the Internet, Swift code has a per default built-in stack protection. For Swift libraries, the stack canary is shown to be disabled. It is misleading, but I don't know how to implement a better check. Maybe the tool could call them ObjC Stack canaries to be a bit more specific. Maybe the tool could add a heuristic check, if the library is Swift-based, Objective-C-based or mixed. Maybe it is more clear than.
The text was updated successfully, but these errors were encountered: