1 files changed, 112 insertions, 0 deletions
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..fda8cba
--- /dev/null
+++ b/README.md
@@ -0,0 +1,112 @@
+# What is it?
+This is a [standalone implementation](https://git.2f30.org/fortify-headers/) of
+[fortify source]( http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html )
+level 3, providing compile time security checks. It is libc-agnostic and simply
+overlays the system headers by using the
+[`#include_next`](https://gcc.gnu.org/onlinedocs/cpp/Wrapper-Headers.html)
+extension found in GCC, and [black
+magic](https://github.com/jvoisin/fortify-headers/commit/fe149628eaae9748be08815d726cc56e8e492c73)
+on Clang. It was initially intended to be used on
+[musl](http://www.musl-libc.org/) based Linux
+distributions like [Alpine Linux](https://alpinelinux.org),
+[Chimera Linux](https://chimera-linux.org/).
+# Features
+- It is portable, works on *BSD, Linux, Solaris and possibly others.
+- It will only trap non-conformant programs. This means that fortify
+  level 2 is treated in the same way as level 1.
+- Avoids making function calls when undefined behaviour has already been
+  invoked. This is handled by using `__builtin_trap()`.
+- Support for out-of-bounds read interfaces, such as send(), write(), fwrite() etc.
+- No ABI is enforced. All of the fortify check functions are inlined
+  into the resulting binary.
+- It has a comprehensive suite of
+  tests, running on multiple versions of Clang and GCC,
+  as well as on C89, C99, C11 and C17.
+# Sample usage
+If you want to quickly test it, you can try something like the following:
+```
+cat > fgets.c <<EOF
+#include <stdio.h>
+int
+main(void)
+{
+        char buf[BUFSIZ];
+        fgets(buf, sizeof(buf) + 1, stdin);
+        return 0;
+}
+EOF
+cc -I<path-to-fortify-include-dir> -D_FORTIFY_SOURCE=3 -O1 fgets.c
+./a.out
+```
+At this point, the program will safely crash.
+Supported interfaces
+====================
+FD_CLR
+FD_SET
+bcopy
+bzero
+confstr
+fgets
+fgetws
+fread
+fwrite
+getcwd
+getdomainname
+getgroups
+gethostname
+getlogin_r
+mbsnrtowcs
+mbsrtowcs
+mbstowcs
+memcpy
+memmove
+mempcpy
+memset
+poll
+ppoll
+pread
+read
+readlink
+readlinkat
+realpath
+recv
+recvfrom
+send
+sendto
+snprintf
+sprintf
+stpcpy
+stpncpy
+strcat
+strcpy
+strlcat
+strlcpy
+strncat
+strncpy
+ttyname_r
+vsnprintf
+vsprintf
+wcrtomb
+wcscat
+wcscpy
+wcsncat
+wcsncpy
+wcsnrtombs
+wcsrtombs
+wcstombs
+wmemcpy
+wmemmove
+wmemset
+write

diff --git a/README.md b/README.md new file mode 100644 index 0000000..fda8cba --- /dev/null +++ b/README.md
@@ -0,0 +1,112 @@
	1	# What is it?
	2
	3	This is a [standalone implementation](https://git.2f30.org/fortify-headers/) of
	4	[fortify source]( http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html )
	5	level 3, providing compile time security checks. It is libc-agnostic and simply
	6	overlays the system headers by using the
	7	[`#include_next`](https://gcc.gnu.org/onlinedocs/cpp/Wrapper-Headers.html)
	8	extension found in GCC, and [black
	9	magic](https://github.com/jvoisin/fortify-headers/commit/fe149628eaae9748be08815d726cc56e8e492c73)
	10	on Clang. It was initially intended to be used on
	11	[musl](http://www.musl-libc.org/) based Linux
	12	distributions like [Alpine Linux](https://alpinelinux.org),
	13	[Chimera Linux](https://chimera-linux.org/).
	14
	15
	16	# Features
	17
	18	- It is portable, works on *BSD, Linux, Solaris and possibly others.
	19	- It will only trap non-conformant programs. This means that fortify
	20	level 2 is treated in the same way as level 1.
	21	- Avoids making function calls when undefined behaviour has already been
	22	invoked. This is handled by using `__builtin_trap()`.
	23	- Support for out-of-bounds read interfaces, such as send(), write(), fwrite() etc.
	24	- No ABI is enforced. All of the fortify check functions are inlined
	25	into the resulting binary.
	26	- It has a comprehensive suite of
	27	tests, running on multiple versions of Clang and GCC,
	28	as well as on C89, C99, C11 and C17.
	29
	30
	31	# Sample usage
	32
	33	If you want to quickly test it, you can try something like the following:
	34
	35	```
	36	cat > fgets.c <<EOF
	37	#include <stdio.h>
	38	int
	39	main(void)
	40	{
	41	char buf[BUFSIZ];
	42	fgets(buf, sizeof(buf) + 1, stdin);
	43	return 0;
	44	}
	45	EOF
	46	cc -I<path-to-fortify-include-dir> -D_FORTIFY_SOURCE=3 -O1 fgets.c
	47	./a.out
	48	```
	49
	50	At this point, the program will safely crash.
	51
	52
	53	Supported interfaces
	54	====================
	55
	56	FD_CLR
	57	FD_SET
	58	bcopy
	59	bzero
	60	confstr
	61	fgets
	62	fgetws
	63	fread
	64	fwrite
	65	getcwd
	66	getdomainname
	67	getgroups
	68	gethostname
	69	getlogin_r
	70	mbsnrtowcs
	71	mbsrtowcs
	72	mbstowcs
	73	memcpy
	74	memmove
	75	mempcpy
	76	memset
	77	poll
	78	ppoll
	79	pread
	80	read
	81	readlink
	82	readlinkat
	83	realpath
	84	recv
	85	recvfrom
	86	send
	87	sendto
	88	snprintf
	89	sprintf
	90	stpcpy
	91	stpncpy
	92	strcat
	93	strcpy
	94	strlcat
	95	strlcpy
	96	strncat
	97	strncpy
	98	ttyname_r
	99	vsnprintf
	100	vsprintf
	101	wcrtomb
	102	wcscat
	103	wcscpy
	104	wcsncat
	105	wcsncpy
	106	wcsnrtombs
	107	wcsrtombs
	108	wcstombs
	109	wmemcpy
	110	wmemmove
	111	wmemset
	112	write