1 files changed, 41 insertions, 8 deletions
diff --git a/README b/README
index 0cbc797..936fa3c 100644
--- a/README
+++ b/README
@@ -1,10 +1,43 @@
-This is a standalone implementation of fortify source.  The implementation
+What is it?
-is libc-agnostic and simply overlays the system headers by using
+===========
-#include_next magic.
-The implementation will trap only non-conformant programs.  This in turn
+This is a standalone implementation of fortify source[0].  It is libc-agnostic
-implies that fortify source level 2 protection is handled in the same way
+and simply overlays the system headers by using GCC's #include_next.  It was
-as level 1.
+initially designed to be used on musl[1] based Linux distributions.
-This implementation does not provide binary compatibility with existing
-fortify source implementations.
+Why?
+====
+- It is portable, works on *BSD and Linux systems.
+- It will only trap non-conformant programs.  This means that fortify
+  level 2 is treated in the same way as level 1.
+- Avoids making function calls when UB has already been invoked.  This
+  is handled by using GCC's __builtin_trap().
+- All of the check functions are inlined into the resulting binary.
+How to use?
+===========
+A plan for integrating fortify into a Linux distribution is still in
+planning stages.  If you want to quickly test it, you can try something
+like the following:
+cat > fgets.c <<EOF
+#include <stdio.h>
+int
+main(void)
+{
+        char buf[BUFSIZ];
+        fgets(buf, sizeof(buf) + 1, stdin);
+        return 0;
+}
+EOF
+cc -I<path-to-fortify-include-dir> -D_FORTIFY_SOURCE=1 -O1 fgets.c
+./a.out
+At this point, the program will crash.
+[0] http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html
+[1] http://www.musl-libc.org/

diff --git a/README b/README index 0cbc797..936fa3c 100644 --- a/README +++ b/README
@@ -1,10 +1,43 @@
1	This is a standalone implementation of fortify source. The implementation	1	What is it?
2	is libc-agnostic and simply overlays the system headers by using	2	===========
3	#include_next magic.
4		3
5	The implementation will trap only non-conformant programs. This in turn	4	This is a standalone implementation of fortify source[0]. It is libc-agnostic
6	implies that fortify source level 2 protection is handled in the same way	5	and simply overlays the system headers by using GCC's #include_next. It was
7	as level 1.	6	initially designed to be used on musl[1] based Linux distributions.
8		7
9	This implementation does not provide binary compatibility with existing	8
10	fortify source implementations.	9	Why?
		10	====
		11
		12	- It is portable, works on *BSD and Linux systems.
		13	- It will only trap non-conformant programs. This means that fortify
		14	level 2 is treated in the same way as level 1.
		15	- Avoids making function calls when UB has already been invoked. This
		16	is handled by using GCC's __builtin_trap().
		17	- All of the check functions are inlined into the resulting binary.
		18
		19
		20	How to use?
		21	===========
		22
		23	A plan for integrating fortify into a Linux distribution is still in
		24	planning stages. If you want to quickly test it, you can try something
		25	like the following:
		26
		27	cat > fgets.c <<EOF
		28	#include <stdio.h>
		29	int
		30	main(void)
		31	{
		32	char buf[BUFSIZ];
		33	fgets(buf, sizeof(buf) + 1, stdin);
		34	return 0;
		35	}
		36	EOF
		37	cc -I<path-to-fortify-include-dir> -D_FORTIFY_SOURCE=1 -O1 fgets.c
		38	./a.out
		39
		40	At this point, the program will crash.
		41
		42	[0] http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html
		43	[1] http://www.musl-libc.org/