Author: sin <email@example.com>
Date: Fri, 6 Mar 2015 16:42:15 +0000
|M||README|| | ||49||+++++++++++++++++++++++++++++++++++++++++--------|
1 file changed, 41 insertions(+), 8 deletions(-)
diff --git a/README b/README
@@ -1,10 +1,43 @@
-This is a standalone implementation of fortify source. The implementation
-is libc-agnostic and simply overlays the system headers by using
+What is it?
-The implementation will trap only non-conformant programs. This in turn
-implies that fortify source level 2 protection is handled in the same way
-as level 1.
+This is a standalone implementation of fortify source. It is libc-agnostic
+and simply overlays the system headers by using GCC's #include_next. It was
+initially designed to be used on musl based Linux distributions.
-This implementation does not provide binary compatibility with existing
-fortify source implementations.
+- It is portable, works on *BSD and Linux systems.
+- It will only trap non-conformant programs. This means that fortify
+ level 2 is treated in the same way as level 1.
+- Avoids making function calls when UB has already been invoked. This
+ is handled by using GCC's __builtin_trap().
+- All of the check functions are inlined into the resulting binary.
+How to use?
+A plan for integrating fortify into a Linux distribution is still in
+planning stages. If you want to quickly test it, you can try something
+like the following:
+cat > fgets.c <<EOF
+ char buf[BUFSIZ];
+ fgets(buf, sizeof(buf) + 1, stdin);
+ return 0;
+cc -I<path-to-fortify-include-dir> -D_FORTIFY_SOURCE=1 -O1 fgets.c
+At this point, the program will crash.