What is it? =========== This is a standalone implementation of fortify source[0]. It provides compile time buffer checks. It is libc-agnostic and simply overlays the system headers by using the #include_next extension found in GCC. It was initially intended to be used on musl[1] based Linux distributions[2]. Features ======== - It is portable, works on *BSD, Linux, Solaris and possibly others. - It will only trap non-conformant programs. This means that fortify level 2 is treated in the same way as level 1. - Avoids making function calls when undefined behaviour has already been invoked. This is handled by using __builtin_trap(). - Support for out-of-bounds read interfaces, such as send(), write(), fwrite() etc. - No ABI is enforced. All of the fortify check functions are inlined into the resulting binary. Sample usage ============ If you want to quickly test it, you can try something like the following: cat > fgets.c < int main(void) { char buf[BUFSIZ]; fgets(buf, sizeof(buf) + 1, stdin); return 0; } EOF cc -I -D_FORTIFY_SOURCE=1 -O1 fgets.c ./a.out At this point, the program will safely crash. Supported interfaces ==================== The following interfaces are overriden to provide buffer overflow runtime checks. FD_CLR FD_SET bcopy bzero confstr fgets fgetws fread fwrite getcwd getdomainname getgroups gethostname getlogin_r mbsnrtowcs mbsrtowcs mbstowcs memcpy memmove mempcpy memset poll ppoll pread read readlink readlinkat realpath recv recvfrom send sendto snprintf sprintf stpcpy stpncpy strcat strcpy strlcat strlcpy strncat strncpy ttyname_r vsnprintf vsprintf wcrtomb wcscat wcscpy wcsncat wcsncpy wcsnrtombs wcsrtombs wcstombs wctomb wmemcpy wmemmove wmemset write [0] http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html [1] http://www.musl-libc.org/ [2] http://git.alpinelinux.org/cgit/aports/commit/?id=067a4f28825478911bb62be3b8da758d9722753e