atmos
/
fortify-headers
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
standlone fortify heaaders
90 Commits 2 Branches 11 Tags 159 KiB
C 98.1%
Makefile 1.9%
Go to file
sin 9ded4dde0c Update README 2015-03-06 16:42:15 +00:00
include Fix some checks in wchar.h 2015-03-06 12:39:11 +00:00
LICENSE Relicense under 0-clause BSD 2015-02-21 21:22:26 +00:00
Makefile Add README to make dist 2015-02-28 15:40:15 +00:00
README Update README 2015-03-06 16:42:15 +00:00

README 

What is it?
===========

This is a standalone implementation of fortify source[0].  It is libc-agnostic
and simply overlays the system headers by using GCC's #include_next.  It was
initially designed to be used on musl[1] based Linux distributions.


Why?
====

- It is portable, works on *BSD and Linux systems.
- It will only trap non-conformant programs.  This means that fortify
  level 2 is treated in the same way as level 1.
- Avoids making function calls when UB has already been invoked.  This
  is handled by using GCC's __builtin_trap().
- All of the check functions are inlined into the resulting binary.


How to use?
===========

A plan for integrating fortify into a Linux distribution is still in
planning stages.  If you want to quickly test it, you can try something
like the following:

cat > fgets.c <<EOF
#include <stdio.h>
int
main(void)
{
	char buf[BUFSIZ];
	fgets(buf, sizeof(buf) + 1, stdin);
	return 0;
}
EOF
cc -I<path-to-fortify-include-dir> -D_FORTIFY_SOURCE=1 -O1 fgets.c
./a.out

At this point, the program will crash.

[0] http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html
[1] http://www.musl-libc.org/