fortify-headers

standalone fortify-source implementation
git clone git://git.2f30.org/fortify-headers.git
Log | Files | Refs | README | LICENSE

commit cebacfb06e82679ea2c2d64fac08611c23702ad9
parent c0815c880db5a40fad735556a1583aa340e2398d
Author: sin <sin@2f30.org>
Date:   Fri,  6 Mar 2015 17:55:22 +0000

More README updates

Diffstat:
README | 51++++++++++++++++++++++++++-------------------------
1 file changed, 26 insertions(+), 25 deletions(-)

diff --git a/README b/README @@ -3,22 +3,44 @@ What is it? This is a standalone implementation of fortify source[0]. It is libc-agnostic and simply overlays the system headers by using the #include_next extension found -in GCC and clang. It was initially designed to be used on musl[1] based Linux +in GCC and clang. It was initially intended to be used on musl[1] based Linux distributions. Features ======== -- It is portable, works on *BSD and Linux systems. +- It is portable, works on *BSD, Linux and possibly other systems. - It will only trap non-conformant programs. This means that fortify level 2 is treated in the same way as level 1. - Avoids making function calls when UB has already been invoked. This is handled by using __builtin_trap(). - Support for out-of-bounds read interfaces, such as send(), write(), fwrite() etc. -- No ABI is enforced. All of the check functions are inlined into the - resulting binary. +- No ABI is enforced. All of the fortify check functions are inlined + into the resulting binary. + + +Sample usage +============ + +A plan for integrating fortify into a system is still under discussion. +If you want to quickly test it, you can try something like the following: + +cat > fgets.c <<EOF +#include <stdio.h> +int +main(void) +{ + char buf[BUFSIZ]; + fgets(buf, sizeof(buf) + 1, stdin); + return 0; +} +EOF +cc -I<path-to-fortify-include-dir> -D_FORTIFY_SOURCE=1 -O1 fgets.c +./a.out + +At this point, the program will crash. Supported interfaces @@ -84,26 +106,5 @@ wmemset write -Sample usage -============ - -A plan for integrating fortify into a system is still under discussion. -If you want to quickly test it, you can try something like the following: - -cat > fgets.c <<EOF -#include <stdio.h> -int -main(void) -{ - char buf[BUFSIZ]; - fgets(buf, sizeof(buf) + 1, stdin); - return 0; -} -EOF -cc -I<path-to-fortify-include-dir> -D_FORTIFY_SOURCE=1 -O1 fgets.c -./a.out - -At this point, the program will crash. - [0] http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html [1] http://www.musl-libc.org/