| -rw-r--r-- | README | 51 |
1 files changed, 26 insertions, 25 deletions
| @@ -3,22 +3,44 @@ What is it? | |||
| 3 | 3 | ||
| 4 | This is a standalone implementation of fortify source[0]. It is libc-agnostic | 4 | This is a standalone implementation of fortify source[0]. It is libc-agnostic |
| 5 | and simply overlays the system headers by using the #include_next extension found | 5 | and simply overlays the system headers by using the #include_next extension found |
| 6 | in GCC and clang. It was initially designed to be used on musl[1] based Linux | 6 | in GCC and clang. It was initially intended to be used on musl[1] based Linux |
| 7 | distributions. | 7 | distributions. |
| 8 | 8 | ||
| 9 | 9 | ||
| 10 | Features | 10 | Features |
| 11 | ======== | 11 | ======== |
| 12 | 12 | ||
| 13 | - It is portable, works on *BSD and Linux systems. | 13 | - It is portable, works on *BSD, Linux and possibly other systems. |
| 14 | - It will only trap non-conformant programs. This means that fortify | 14 | - It will only trap non-conformant programs. This means that fortify |
| 15 | level 2 is treated in the same way as level 1. | 15 | level 2 is treated in the same way as level 1. |
| 16 | - Avoids making function calls when UB has already been invoked. This | 16 | - Avoids making function calls when UB has already been invoked. This |
| 17 | is handled by using __builtin_trap(). | 17 | is handled by using __builtin_trap(). |
| 18 | - Support for out-of-bounds read interfaces, such as send(), write(), | 18 | - Support for out-of-bounds read interfaces, such as send(), write(), |
| 19 | fwrite() etc. | 19 | fwrite() etc. |
| 20 | - No ABI is enforced. All of the check functions are inlined into the | 20 | - No ABI is enforced. All of the fortify check functions are inlined |
| 21 | resulting binary. | 21 | into the resulting binary. |
| 22 | |||
| 23 | |||
| 24 | Sample usage | ||
| 25 | ============ | ||
| 26 | |||
| 27 | A plan for integrating fortify into a system is still under discussion. | ||
| 28 | If you want to quickly test it, you can try something like the following: | ||
| 29 | |||
| 30 | cat > fgets.c <<EOF | ||
| 31 | #include <stdio.h> | ||
| 32 | int | ||
| 33 | main(void) | ||
| 34 | { | ||
| 35 | char buf[BUFSIZ]; | ||
| 36 | fgets(buf, sizeof(buf) + 1, stdin); | ||
| 37 | return 0; | ||
| 38 | } | ||
| 39 | EOF | ||
| 40 | cc -I<path-to-fortify-include-dir> -D_FORTIFY_SOURCE=1 -O1 fgets.c | ||
| 41 | ./a.out | ||
| 42 | |||
| 43 | At this point, the program will crash. | ||
| 22 | 44 | ||
| 23 | 45 | ||
| 24 | Supported interfaces | 46 | Supported interfaces |
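Review bot: the closing sentence of the relocated Sample usage section, "At this point, the program will crash.", does not say what kind of crash to expect or why. The Features list above already states that violations are handled with __builtin_trap(), and the sample passes sizeof(buf) + 1 to fgets(), so the README could say that the fortified fgets() check traps because the size argument exceeds the size of buf. It would also help to say why -O1 appears on the cc line, so readers know whether it is required for the check. Separately, "possibly other systems" in the portability bullet is vague; naming the actual requirement the README already gives (a compiler with the #include_next extension, as in GCC and clang) would be more useful than a hedge.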
| @@ -84,26 +106,5 @@ wmemset | |||
| 84 | write | 106 | write |
| 85 | 107 | ||
| 86 | 108 | ||
| 87 | Sample usage | ||
| 88 | ============ | ||
| 89 | |||
| 90 | A plan for integrating fortify into a system is still under discussion. | ||
| 91 | If you want to quickly test it, you can try something like the following: | ||
| 92 | |||
| 93 | cat > fgets.c <<EOF | ||
| 94 | #include <stdio.h> | ||
| 95 | int | ||
| 96 | main(void) | ||
| 97 | { | ||
| 98 | char buf[BUFSIZ]; | ||
| 99 | fgets(buf, sizeof(buf) + 1, stdin); | ||
| 100 | return 0; | ||
| 101 | } | ||
| 102 | EOF | ||
| 103 | cc -I<path-to-fortify-include-dir> -D_FORTIFY_SOURCE=1 -O1 fgets.c | ||
| 104 | ./a.out | ||
| 105 | |||
| 106 | At this point, the program will crash. | ||
| 107 | |||
| 108 | [0] http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html | 109 | [0] http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html |
| 109 | [1] http://www.musl-libc.org/ | 110 | [1] http://www.musl-libc.org/ |
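Review bot: with Sample usage removed from the end of the file, the [0] and [1] footnotes now follow the last entry of the Supported interfaces list ("write") separated only by two blank lines, so they can be read as part of that list. Consider putting them under their own heading in the same underlined style the README uses for "Features" and "Sample usage", or moving them next to the "What is it?" paragraph that cites them.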
