fortify-headers

standalone fortify-source implementation
git clone git://git.2f30.org/fortify-headers

README.md (3239B)


# What is it?

This is a [standalone implementation](https://git.2f30.org/fortify-headers/) of
[fortify source](http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html)
level 3, providing compile-time security checks.
It is libc-agnostic and simply overlays the system headers by using the
[`#include_next`](https://gcc.gnu.org/onlinedocs/cpp/Wrapper-Headers.html)
extension found in GCC, and
[black magic](https://github.com/jvoisin/fortify-headers/commit/fe149628eaae9748be08815d726cc56e8e492c73)
on Clang. It was initially intended to be used on
[musl](http://www.musl-libc.org/) based
[Linux distributions](https://git.alpinelinux.org/aports/commit/?id=067a4f28825478911bb62be3b8da758d9722753e).

# Features

- It is portable, works on *BSD, Linux, Solaris and possibly others.
- It will only trap non-conformant programs. This means that fortify
  level 2 is treated in the same way as level 1.
- Avoids making function calls when undefined behaviour has already been
  invoked. This is handled by using `__builtin_trap()`.
- Support for out-of-bounds read interfaces, such as send(), write(), fwrite() etc.
- No ABI is enforced. All of the fortify check functions are inlined
  into the resulting binary.
- It has a [comprehensive suite of
  tests](https://github.com/jvoisin/fortify-headers/tree/master/tests), running
  both on Clang and on GCC for every commit, on C89, C99, C11 and C17, with
  [significant coverage](https://jvoisin.github.io/fortify-headers/).
- Defining `FORTIFY_USE_NATIVE_CHK` will make use of compiler-provided builtin `_chk`
  functions, which might be a bit better in terms of diagnostics,
  but won't necessarily provide the same amount of security checks.
- Defining `FORTIFY_PEDANTIC_CHECKS` will enable pedantic checks that, while technically
  correct, might break some programs relying on widely accepted
  undefined behaviours.

# Sample usage

If you want to quickly test it, you can try something like the following:

```
cat > fgets.c <<EOF
#include <stdio.h>
int
main(void)
{
	char buf[BUFSIZ];
	/* the size argument is one byte larger than buf */
	fgets(buf, sizeof(buf) + 1, stdin);
	return 0;
}
EOF
cc -I<path-to-fortify-include-dir> -D_FORTIFY_SOURCE=3 -O1 fgets.c
./a.out
```

At this point, the program will safely and loudly crash.
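
The check-then-trap behaviour listed under Features, applied to the same `fgets` mistake, as an added example that is not code from fortify-headers. The names `checked_fgets` and `fgets_trapped` are hypothetical, the 16-byte buffer and `/dev/null` input are constructed, and the sketch assumes a GCC- or Clang-compatible compiler on a POSIX system, using `__builtin_object_size` directly rather than the project's headers.

```c
/* Added example: a simplified sketch of the check-then-trap pattern.
 * It is not code from fortify-headers; all names are hypothetical. */
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Compare the requested size with what the compiler knows about the
 * destination object and trap before fgets() is ever called. A macro is
 * used so the array is visible to the builtin at any optimisation level;
 * __builtin_object_size() yields (size_t)-1 when the size is unknown, in
 * which case the check passes and the call goes through unchanged. */
#define checked_fgets(s, n, fp) \
	((size_t)(n) > __builtin_object_size((s), 0) \
	    ? (__builtin_trap(), (char *)0) \
	    : fgets((s), (n), (fp)))

/* Run the fgets scenario in a child process with size argument n.
 * Returns 1 if the child was killed by the trap, 0 if the call completed
 * normally, -1 on any other outcome. */
static int fgets_trapped(int n)
{
	int status;
	pid_t pid = fork();

	if (pid < 0)
		return -1;
	if (pid == 0) {
		char buf[16];                       /* constructed small buffer */
		FILE *in = fopen("/dev/null", "r"); /* immediate EOF, runs offline */
		if (in == NULL)
			_exit(2);
		/* /dev/null yields EOF at once, so an allowed call returns NULL. */
		_exit(checked_fgets(buf, n, in) == NULL ? 0 : 3);
	}
	if (waitpid(pid, &status, 0) != pid)
		return -1;
	if (WIFSIGNALED(status))
		return 1;
	return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

int main(void)
{
	printf("n = sizeof(buf):     trapped=%d\n", fgets_trapped(16));
	printf("n = sizeof(buf) + 1: trapped=%d\n", fgets_trapped(17));
	return 0;
}
```

Which signal the trap raises depends on the target, so the helper only checks that the child died from a signal instead of matching a specific one.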

# Supported interfaces

- `FD_CLR`
- `FD_SET`
- `asprintf`
- `bcopy`
- `bzero`
- `calloc`
- `confstr`
- `fdopen`
- `fgets`
- `fgetws`
- `fmemopen`
- `fopen`
- `fprintf`
- `fread`
- `fwrite`
- `getcwd`
- `getdomainname`
- `getgroups`
- `gethostname`
- `getlogin_r`
- `malloc`
- `mbsnrtowcs`
- `mbsrtowcs`
- `mbstowcs`
- `memchr`
- `memcpy`
- `memmove`
- `mempcpy`
- `memset`
- `poll`
- `popen`
- `ppoll`
- `pread`
- `printf`
- `pwrite`
- `qsort`
- `read`
- `readlink`
- `readlinkat`
- `realloc`
- `reallocarray`
- `realpath`
- `recv`
- `recvfrom`
- `select`
- `send`
- `sendto`
- `snprintf`
- `sprintf`
- `stpcpy`
- `stpncpy`
- `strcat`
- `strchr`
- `strcpy`
- `strlcat`
- `strlcpy`
- `strlen`
- `strncat`
- `strncpy`
- `strrchr`
- `tmpfile`
- `ttyname_r`
- `umask`
- `vfprintf`
- `vprintf`
- `vasprintf`
- `vsnprintf`
- `vsprintf`
- `wcrtomb`
- `wcscat`
- `wcscpy`
- `wcsncat`
- `wcsncpy`
- `wcsnrtombs`
- `wcsrtombs`
- `wcstombs`
- `wctomb`
- `wmemcpy`
- `wmemmove`
- `wmemset`
- `write`