-fno-stack-protector is not working

Question

I have written the following C program to see the working of buffer overflows. I have saved this program file with name bo.c

    #include<stdio.h>
    #include<string.h>

    int authentication(char *key)
    {
        int auth=0;
        char pass[10];
        strcpy(pass, key);
        if(strcmp(pass, "hello")==0)
            auth=1; 
        else
            auth=0;
        return auth;
    }

    int main(int argc, char *argv[])
    {
        if(authentication(argv[1]))
        {
            printf("----------------------------------\nACCESS  GRANTED\n---------------------------------");
}
        else
        {
            printf("Access Denied! Wrong password!");
        }
    return 0;
    }   

But I am not able to see the effect of buffer overflow because the stack is protected. But when I am compiling it with the -fno-stack-protector flag, it is showing that it is an unrecognized option.

What is the problem here? Am I doing something wrong in the usage of the gcc command?

Answer 1

You are correctly doing the command but it is unrecgonized due to your configuration.

gcc -fno-stack-protector bo.c

I would recommend reinstalling gcc or trying in another linux distro. Also feel free to look at this article on the use of -fno-stack-protector as it gives some insight as to why it may be disabled. (Do to possible configurations with Makefile disabling the flag)

--------Edit----------

After looking further into this, I would recommend looking at: -fstack-protector-all or -fstack-protector

I was messing around with your code and found this might be what you're trying to do and your current setup may allow it.

My CMD Output

Answer 2

I think the correct command like this :

gcc -o bo bo.c -fno-stack-protector