2015-03-06 16:42:15 +00:00
What is it?
===========

This is a standalone implementation of fortify source[0]. It is libc-agnostic
and simply overlays the system headers by using the #include_next extension found
in GCC and clang. It was initially intended to be used on musl[1] based Linux
distributions.

Features
========

- It is portable, works on *BSD, Linux and possibly other systems.
- It will only trap non-conformant programs. This means that fortify
  level 2 is treated in the same way as level 1.
- Avoids making function calls when UB has already been invoked. This
  is handled by using __builtin_trap().
- Support for out-of-bounds read interfaces, such as send(), write(),
  fwrite() etc.
- No ABI is enforced. All of the fortify check functions are inlined
  into the resulting binary.

Sample usage
============

A plan for integrating fortify into a system is still under discussion.
If you want to quickly test it, you can try something like the following:

    cat > fgets.c <<EOF
    #include <stdio.h>
    int
    main(void)
    {
        char buf[BUFSIZ];
        /* deliberate bug: the size passed is one byte larger than buf */
        fgets(buf, sizeof(buf) + 1, stdin);
        return 0;
    }
    EOF
    cc -I<path-to-fortify-include-dir> -D_FORTIFY_SOURCE=1 -O1 fgets.c
    ./a.out

At this point, the program will crash.
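The check behind that crash, together with the trap and out-of-bounds read items under Features, as an added sketch that is not fortify-headers' own code. The names BOS, fortify_overrun, checked_fgets, checked_write and readme_case_overruns are hypothetical, and macros stand in for the header overlay so that the GCC/clang builtin __builtin_object_size() sees the buffer at the call site.

```c
#include <stddef.h>
#include <stdio.h>
#include <unistd.h>

/* Size of the object p points into, or (size_t)-1 if the compiler cannot tell. */
#define BOS(p) __builtin_object_size((p), 0)

/* Hypothetical helper: nonzero when n bytes cannot fit in an object of bos
 * bytes. An unknown size is never flagged, so only provable overruns trap. */
static int fortify_overrun(size_t n, size_t bos)
{
    return bos != (size_t)-1 && n > bos;
}

/* Write side: fgets() may store up to n bytes into s. Trap instead of
 * calling libc, because the caller has already left defined behaviour. */
#define checked_fgets(s, n, fp) \
    (fortify_overrun((size_t)(n), BOS(s)) \
        ? (__builtin_trap(), (char *)0) : fgets((s), (n), (fp)))

/* Read side: write() reads n bytes from b. An oversized n would send
 * adjacent memory to the descriptor, so the source object is checked. */
#define checked_write(fd, b, n) \
    (fortify_overrun((size_t)(n), BOS(b)) \
        ? (__builtin_trap(), (ssize_t)-1) : write((fd), (b), (n)))

/* The README's fgets() call, evaluated without executing the trap. */
static int readme_case_overruns(void)
{
    char buf[BUFSIZ];
    return fortify_overrun(sizeof(buf) + 1, BOS(buf));
}

int main(void)
{
    char line[64];
    static const char msg[] = "in-bounds write\n";   /* constructed sample */

    fprintf(stderr, "README fgets call flagged: %d\n", readme_case_overruns());
    if (checked_write(STDOUT_FILENO, msg, sizeof(msg) - 1) < 0)
        return 1;
    /* sizeof(line) is accepted; sizeof(line) + 1 would hit __builtin_trap(). */
    if (checked_fgets(line, sizeof(line), stdin))
        return checked_write(STDOUT_FILENO, line, 1) < 0;
    return 0;
}
```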

Supported interfaces
====================

FD_CLR
FD_SET
bcopy
bzero
confstr
fgets
fgetws
fread
fwrite
getcwd
getdomainname
getgroups
gethostname
getlogin_r
mbsnrtowcs
mbsrtowcs
mbstowcs
memcpy
memmove
mempcpy
memset
poll
ppoll
pread
read
readlink
readlinkat
realpath
recv
recvfrom
send
sendto
snprintf
sprintf
stpcpy
stpncpy
strcat
strcpy
strlcat
strlcpy
strncat
strncpy
ttyname_r
vsnprintf
vsprintf
wcrtomb
wcscat
wcscpy
wcsncat
wcsncpy
wcsnrtombs
wcsrtombs
wcstombs
wctomb
wmemcpy
wmemmove
wmemset
write

[0] http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html
[1] http://www.musl-libc.org/