fortify-headers

standalone fortify-source implementation
git clone git://git.2f30.org/fortify-headers

README.md (3211B)


# What is it?

This is a [standalone implementation](https://git.2f30.org/fortify-headers/) of
[fortify source](http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html)
level 3, providing compile-time security checks.
It is libc-agnostic and simply overlays the system headers by using the
[`#include_next`](https://gcc.gnu.org/onlinedocs/cpp/Wrapper-Headers.html)
extension found in GCC, and
[black magic](https://github.com/jvoisin/fortify-headers/commit/fe149628eaae9748be08815d726cc56e8e492c73)
on Clang. It was initially intended to be used on
[musl](http://www.musl-libc.org/) based
[Linux distributions](https://git.alpinelinux.org/aports/commit/?id=067a4f28825478911bb62be3b8da758d9722753e).

# Features

- It is portable, works on *BSD, Linux, Solaris and possibly others.
- It will only trap non-conformant programs. This means that fortify
  level 2 is treated in the same way as level 1.
- Avoids making function calls when undefined behaviour has already been
  invoked. This is handled by using `__builtin_trap()`.
- Support for out-of-bounds read interfaces, such as `send()`, `write()`, `fwrite()` etc.
- No ABI is enforced. All of the fortify check functions are inlined
  into the resulting binary.
- It has a [comprehensive suite of tests](https://github.com/jvoisin/fortify-headers/tree/master/tests),
  running both on Clang and on GCC for every commit, with
  [significant coverage](https://jvoisin.github.io/fortify-headers/).
- Defining `FORTIFY_USE_NATIVE_CHK` will make use of compiler-provided builtin `_chk`
  functions, which might be a bit better in terms of diagnostics,
  but won't necessarily provide the same amount of security checks.
- Defining `FORTIFY_PEDANTIC_CHECKS` will enable pedantic checks that, while technically
  correct, might break some programs relying on widely accepted
  undefined behaviours.

# Sample usage

If you want to quickly test it, you can try something like the following:

```
cat > fgets.c <<EOF
#include <stdio.h>
int
main(void)
{
	char buf[BUFSIZ];
	/* deliberate bug: the size passed is one byte larger than buf */
	fgets(buf, sizeof(buf) + 1, stdin);
	return 0;
}
EOF
cc -I<path-to-fortify-include-dir> -D_FORTIFY_SOURCE=3 -O1 fgets.c
./a.out
```

At this point, the program will safely and loudly crash.
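
The check pattern the Features list describes (an inlined bounds check ahead of the libc call, `__builtin_trap()` on failure), applied to the `fgets` request from the sample. This is an added example, not code from fortify-headers: `demo_fgets_chk`, `DEMO_FGETS` and `demo_try_fgets` are hypothetical names, and the child process exists only so the parent can observe the trap.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L	/* fmemopen, fork, waitpid */
#endif
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical wrapper, not fortify-headers source: check first, call second. */
static inline char *
demo_fgets_chk(char *s, int n, FILE *fp, size_t objsz)
{
	/* The cast also rejects negative n; objsz is (size_t)-1 when unknown. */
	if ((size_t)n > objsz)
		__builtin_trap();	/* fgets() is never reached */
	return fgets(s, n, fp);
}

/* Take the object size at the call site, where the array is visible. */
#define DEMO_FGETS(s, n, fp) \
	demo_fgets_chk((s), (n), (fp), __builtin_object_size((s), 0))

/* Run one request in a child process. Returns 0 on a clean exit, the
 * terminating signal number if the child was killed, -1 on other errors. */
int
demo_try_fgets(int n)
{
	char data[] = "constructed input\n";	/* constructed sample */
	char buf[16];
	int status = 0;
	pid_t pid = fork();
	if (pid < 0)
		return -1;
	if (pid == 0) {
		FILE *fp = fmemopen(data, sizeof(data) - 1, "r");
		_exit(fp != NULL && DEMO_FGETS(buf, n, fp) != NULL ? 0 : 1);
	}
	if (waitpid(pid, &status, 0) < 0)
		return -1;
	if (WIFSIGNALED(status))
		return WTERMSIG(status);
	return WEXITSTATUS(status) == 0 ? 0 : -1;
}

int main(void)
{
	printf("n=16 -> %d, n=17 -> %d\n", demo_try_fgets(16), demo_try_fgets(17));
	return 0;
}
```

The signal number reported for the oversized request depends on how the platform implements `__builtin_trap()`.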

# Supported interfaces

- `FD_CLR`
- `FD_SET`
- `asprintf`
- `bcopy`
- `bzero`
- `calloc`
- `confstr`
- `fdopen`
- `fgets`
- `fgetws`
- `fmemopen`
- `fopen`
- `fprintf`
- `fread`
- `fwrite`
- `getcwd`
- `getdomainname`
- `getgroups`
- `gethostname`
- `getlogin_r`
- `malloc`
- `mbsnrtowcs`
- `mbsrtowcs`
- `mbstowcs`
- `memchr`
- `memcpy`
- `memmove`
- `mempcpy`
- `memset`
- `poll`
- `popen`
- `ppoll`
- `pread`
- `printf`
- `pwrite`
- `qsort`
- `read`
- `readlink`
- `readlinkat`
- `realloc`
- `reallocarray`
- `realpath`
- `recv`
- `recvfrom`
- `select`
- `send`
- `sendto`
- `snprintf`
- `sprintf`
- `stpcpy`
- `stpncpy`
- `strcat`
- `strchr`
- `strcpy`
- `strlcat`
- `strlcpy`
- `strlen`
- `strncat`
- `strncpy`
- `strrchr`
- `tmpfile`
- `ttyname_r`
- `umask`
- `vfprintf`
- `vprintf`
- `vasprintf`
- `vsnprintf`
- `vsprintf`
- `wcrtomb`
- `wcscat`
- `wcscpy`
- `wcsncat`
- `wcsncpy`
- `wcsnrtombs`
- `wcsrtombs`
- `wcstombs`
- `wctomb`
- `wmemcpy`
- `wmemmove`
- `wmemset`
- `write`