README.md (2986B)
1 # What is it? 2 3 This is a [standalone implementation](https://git.2f30.org/fortify-headers/) of 4 [fortify source]( http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html ). 5 It provides compile time buffer checks. 6 It is libc-agnostic and simply overlays the system headers by using the 7 [`#include_next`](https://gcc.gnu.org/onlinedocs/cpp/Wrapper-Headers.html) 8 extension found in GCC, and 9 [black magic](https://github.com/jvoisin/fortify-headers/commit/fe149628eaae9748be08815d726cc56e8e492c73) 10 on Clang. It was initially intended to be used on 11 [musl](http://www.musl-libc.org/) based 12 [Linux distributions](https://git.alpinelinux.org/aports/commit/?id=067a4f28825478911bb62be3b8da758d9722753e). 13 14 15 # Features 16 17 - It is portable, works on *BSD, Linux, Solaris and possibly others. 18 - It will only trap non-conformant programs. This means that fortify 19 level 2 is treated in the same way as level 1. 20 - Avoids making function calls when undefined behaviour has already been 21 invoked. This is handled by using `__builtin_trap()`. 22 - Support for out-of-bounds read interfaces, such as send(), write(), 23 fwrite() etc. 24 - No ABI is enforced. All of the fortify check functions are inlined 25 into the resulting binary. 26 - It has a [comprehensive suite of tests](https://github.com/jvoisin/fortify-headers/tree/master/tests), 27 running both on Clang and on GCC for every commit, with 28 [significant coverage](https://jvoisin.github.io/fortify-headers/) 29 - Defining `USE_NATIVE_CHK` will make use of compiler-provided builtin `_chk` 30 functions, which might be a bit better in term of diagnostics, 31 but won't necesarily provide the same amount of security checks. 32 33 34 # Sample usage 35 36 If you want to quickly test it, you can try something like the following: 37 38 ``` 39 cat > fgets.c <<EOF 40 #include <stdio.h> 41 int 42 main(void) 43 { 44 char buf[BUFSIZ]; 45 fgets(buf, sizeof(buf) + 1, stdin); 46 return 0; 47 } 48 EOF 49 cc -I<path-to-fortify-include-dir> -D_FORTIFY_SOURCE=1 -O1 fgets.c 50 ./a.out 51 ``` 52 53 At this point, the program will safely crash. 54 55 56 # Supported interfaces 57 58 - `FD_CLR` 59 - `FD_SET` 60 - `bcopy` 61 - `bzero` 62 - `calloc` 63 - `confstr` 64 - `fdopen` 65 - `fgets` 66 - `fgetws` 67 - `fmemopen` 68 - `fopen` 69 - `fprintf` 70 - `fread` 71 - `fwrite` 72 - `getcwd` 73 - `getdomainname` 74 - `getgroups` 75 - `gethostname` 76 - `getlogin_r` 77 - `malloc` 78 - `mbsnrtowcs` 79 - `mbsrtowcs` 80 - `mbstowcs` 81 - `memchr` 82 - `memcpy` 83 - `memmove` 84 - `mempcpy` 85 - `memset` 86 - `poll` 87 - `popen` 88 - `ppoll` 89 - `pread` 90 - `printf` 91 - `pwrite` 92 - `qsort` 93 - `read` 94 - `readlink` 95 - `readlinkat` 96 - `realloc` 97 - `reallocarray` 98 - `realpath` 99 - `recv` 100 - `recvfrom` 101 - `select` 102 - `send` 103 - `sendto` 104 - `snprintf` 105 - `sprintf` 106 - `stpcpy` 107 - `stpncpy` 108 - `strcat` 109 - `strchr` 110 - `strcpy` 111 - `strlcat` 112 - `strlcpy` 113 - `strlen` 114 - `strncat` 115 - `strncpy` 116 - `strrchr` 117 - `tmpfile` 118 - `ttyname_r` 119 - `umask` 120 - `vfprintf` 121 - `vprintf` 122 - `vsnprintf` 123 - `vsprintf` 124 - `wcrtomb` 125 - `wcscat` 126 - `wcscpy` 127 - `wcsncat` 128 - `wcsncpy` 129 - `wcsnrtombs` 130 - `wcsrtombs` 131 - `wcstombs` 132 - `wctomb` 133 - `wmemcpy` 134 - `wmemmove` 135 - `wmemset` 136 - `write`