What is Stack Smashing Protection?
From http://www.trl.ibm.com/projects/security/ssp/ .
It is a GCC (GNU Compiler Collection) extension for protecting applications from stack-smashing attacks. Applications written in C will be protected by the method that automatically inserts protection code into an application at compilation time. The protection is realized by buffer overflow detection and the variable reordering feature to avoid the corruption of pointers. The basic idea of buffer overflow detection comes from the StackGuard system.
How to Bypass SSP?
Let's say our program is named unprotect.c. To bypass the stack smashing protection, we simply compile it with the -fno-stack-protector option, which tells GCC not to insert the protection code.
user@user:~$ gcc -fno-stack-protector unprotect.c -o unprotect
So, when we test the code, SSP is not activated when we smash the stack.
user@user:~$ printf "%0516x" | ./unprotect
yahoo.. we did it..
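As an added illustration (not code from the original post or from GCC), the following C model shows the guard check that SSP inserts at the end of a function and what is lost when a build uses -fno-stack-protector. The struct layout, the canary value, the return address and run_frame are constructed for the example; in a real build the canary is chosen at program start and a failed check calls __stack_chk_fail().

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of one stack frame under SSP: the guard sits between the local
 * buffer and the saved return address (illustrative, not GCC's real frame). */
struct frame {
    char      buf[16];    /* local buffer the program copies into */
    uintptr_t guard;      /* copy of the canary, stored by the prologue */
    uintptr_t saved_ret;  /* stands in for the saved return address */
};

static const uintptr_t CANARY = 0x5a17c0de;  /* constructed value */
static const uintptr_t RET    = 0x401136;    /* constructed address */

enum outcome { RETURN_OK, SMASH_DETECTED, RET_OVERWRITTEN_SILENTLY };

/* Copy n bytes into the frame with no check against sizeof buf (the bug).
 * protect=1 models a build with SSP, protect=0 models -fno-stack-protector. */
enum outcome run_frame(const char *input, size_t n, int protect)
{
    struct frame f = { {0}, CANARY, RET };

    if (n > sizeof f)
        n = sizeof f;              /* keep the model itself in bounds */
    memcpy(&f, input, n);          /* starts at buf, runs on into guard */

    if (protect && f.guard != CANARY)
        return SMASH_DETECTED;     /* real code calls __stack_chk_fail() */
    return f.saved_ret == RET ? RETURN_OK : RET_OVERWRITTEN_SILENTLY;
}

int main(void)
{
    static const char *name[] = { "return ok", "smash detected",
                                  "return address overwritten silently" };
    char in[sizeof(struct frame)];
    size_t len[] = { 16, 20, sizeof in };

    memset(in, 'A', sizeof in);
    for (int p = 1; p >= 0; p--)
        for (size_t i = 0; i < 3; i++)
            printf("protect=%d n=%2zu -> %s\n", p, len[i],
                   name[run_frame(in, len[i], p)]);
    return 0;
}
```

With the check in place, any write past buf is caught before the function returns; without it, the same input changes the saved return address and nothing reports it.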