# What is it?

This is a [standalone implementation](https://git.2f30.org/fortify-headers/) of
[fortify source](http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html)
level 3, providing compile time security checks.
It is libc-agnostic and simply overlays the system headers by using the
[`#include_next`](https://gcc.gnu.org/onlinedocs/cpp/Wrapper-Headers.html)
extension found in GCC, and
[black magic](https://github.com/jvoisin/fortify-headers/commit/fe149628eaae9748be08815d726cc56e8e492c73)
on Clang. It was initially intended to be used on
[musl](http://www.musl-libc.org/) based
[Linux distributions](https://git.alpinelinux.org/aports/commit/?id=067a4f28825478911bb62be3b8da758d9722753e).

# Features

- It is portable, works on *BSD, Linux, Solaris and possibly others.
- It will only trap non-conformant programs. This means that fortify
  level 2 is treated in the same way as level 1.
- Avoids making function calls when undefined behaviour has already been
  invoked. This is handled by using `__builtin_trap()`.
- Support for out-of-bounds read interfaces, such as `send()`, `write()`, `fwrite()` etc.
- No ABI is enforced. All of the fortify check functions are inlined
  into the resulting binary.
- It has a [comprehensive suite of
  tests](https://github.com/jvoisin/fortify-headers/tree/master/tests), running
  both on Clang and on GCC for every commit, on C89, C99, C11 and C17, with
  [significant coverage](https://jvoisin.github.io/fortify-headers/).
- Defining `FORTIFY_USE_NATIVE_CHK` will make use of compiler-provided builtin `_chk`
  functions, which might be a bit better in terms of diagnostics,
  but won't necessarily provide the same amount of security checks.
- Defining `FORTIFY_PEDANTIC_CHECKS` will enable pedantic checks that, while technically
  correct, might break some programs relying on widely accepted
  undefined behaviours.
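
The trap-before-call and inlined-check behaviour from the feature list, as an added C sketch that is not code from fortify-headers: `exceeds_object`, `checked_memcpy`, `fortified_memcpy` and `copy_is_trapped` are hypothetical names, and a macro around the compiler builtin `__builtin_object_size` stands in for the project's header overlay. The copy runs in a forked child so the parent can observe the trap.

```c
/* Added illustration, not fortify-headers code. All names are hypothetical. */
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* The check: an unknown size, (size_t)-1, is never exceeded. */
static inline int exceeds_object(size_t n, size_t bos) { return n > bos; }

/* Inlined wrapper: trap before the libc call if dst is too small. */
static inline __attribute__((always_inline)) void *
checked_memcpy(void *dst, const void *src, size_t n, size_t bos)
{
	if (exceeds_object(n, bos))
		__builtin_trap();
	return memcpy(dst, src, n);
}

/* Resolve the destination size at the call site, where the array is visible. */
#define fortified_memcpy(d, s, n) \
	checked_memcpy((d), (s), (n), __builtin_object_size((d), 0))

/* Copy n bytes into a 16-byte buffer inside a child process.
 * Returns 1 if the child was killed by a signal (the trap), 0 if it
 * exited normally, -1 if fork or waitpid failed. */
int copy_is_trapped(size_t n)
{
	static const char src[64] = "constructed sample input";
	int status;
	pid_t pid = fork();

	if (pid < 0)
		return -1;
	if (pid == 0) {
		char buf[16] = {0};
		fortified_memcpy(buf, src, n);
		_exit(buf[0] == 'c' ? 0 : 1);
	}
	if (waitpid(pid, &status, 0) < 0)
		return -1;
	return WIFSIGNALED(status) ? 1 : 0;
}

int main(void)
{
	printf("16 bytes into char[16]: trapped=%d\n", copy_is_trapped(16));
	printf("17 bytes into char[16]: trapped=%d\n", copy_is_trapped(17));
	return 0;
}
```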

# Sample usage

If you want to quickly test it, you can try something like the following:

```
cat > fgets.c <<EOF
#include <stdio.h>
int
main(void)
{
	char buf[BUFSIZ];
	fgets(buf, sizeof(buf) + 1, stdin);
	return 0;
}
EOF
cc -I<path-to-fortify-include-dir> -D_FORTIFY_SOURCE=3 -O1 fgets.c
./a.out
```

At this point, the program will safely and loudly crash.


# Supported interfaces

- `FD_CLR`
- `FD_SET`
- `asprintf`
- `bcopy`
- `bzero`
- `calloc`
- `confstr`
- `fdopen`
- `fgets`
- `fgetws`
- `fmemopen`
- `fopen`
- `fprintf`
- `fread`
- `fwrite`
- `getcwd`
- `getdomainname`
- `getgroups`
- `gethostname`
- `getlogin_r`
- `malloc`
- `mbsnrtowcs`
- `mbsrtowcs`
- `mbstowcs`
- `memchr`
- `memcpy`
- `memmove`
- `mempcpy`
- `memset`
- `poll`
- `popen`
- `ppoll`
- `pread`
- `printf`
- `pwrite`
- `qsort`
- `read`
- `readlink`
- `readlinkat`
- `realloc`
- `reallocarray`
- `realpath`
- `recv`
- `recvfrom`
- `select`
- `send`
- `sendto`
- `snprintf`
- `sprintf`
- `stpcpy`
- `stpncpy`
- `strcat`
- `strchr`
- `strcpy`
- `strlcat`
- `strlcpy`
- `strlen`
- `strncat`
- `strncpy`
- `strrchr`
- `tmpfile`
- `ttyname_r`
- `umask`
- `vfprintf`
- `vprintf`
- `vasprintf`
- `vsnprintf`
- `vsprintf`
- `wcrtomb`
- `wcscat`
- `wcscpy`
- `wcsncat`
- `wcsncpy`
- `wcsnrtombs`
- `wcsrtombs`
- `wcstombs`
- `wctomb`
- `wmemcpy`
- `wmemmove`
- `wmemset`
- `write`