# What is it?

This is a [standalone implementation](https://git.2f30.org/fortify-headers/) of
[fortify source](http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html)
level 3, providing compile-time security checks.
It is libc-agnostic and simply overlays the system headers by using the
[`#include_next`](https://gcc.gnu.org/onlinedocs/cpp/Wrapper-Headers.html)
extension found in GCC, and
[black magic](https://github.com/jvoisin/fortify-headers/commit/fe149628eaae9748be08815d726cc56e8e492c73)
on Clang. It was initially intended to be used on
[musl](http://www.musl-libc.org/) based
[Linux distributions](https://git.alpinelinux.org/aports/commit/?id=067a4f28825478911bb62be3b8da758d9722753e).

# Features

- It is portable, works on *BSD, Linux, Solaris and possibly others.
- It will only trap non-conformant programs. This means that fortify
  level 2 is treated in the same way as level 1.
- Avoids making function calls when undefined behaviour has already been
  invoked. This is handled by using `__builtin_trap()`.
- Support for out-of-bounds read interfaces, such as `send()`, `write()`, `fwrite()`, etc.
- No ABI is enforced. All of the fortify check functions are inlined
  into the resulting binary.
- It has a [comprehensive suite of tests](https://github.com/jvoisin/fortify-headers/tree/master/tests),
  running both on Clang and on GCC for every commit, with
  [significant coverage](https://jvoisin.github.io/fortify-headers/).
- Defining `FORTIFY_USE_NATIVE_CHK` will make use of compiler-provided builtin `_chk`
  functions, which might be a bit better in terms of diagnostics,
  but won't necessarily provide the same amount of security checks.
- Defining `FORTIFY_PEDANTIC_CHECKS` will enable pedantic checks that, while technically
  correct, might break some programs relying on widely accepted
  undefined behaviours.

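The inlined check-then-trap pattern from the feature list, shown for one write-side and one read-side bound. This is an added sketch, not the project's code: every `demo_` name is hypothetical, and it calls GCC/Clang's `__builtin_object_size` directly instead of overlaying a system header.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper: the bounds decision alone, testable without a trap.
 * __builtin_object_size(p, 0) is (size_t)-1 when the size is unknown. */
static int demo_out_of_bounds(size_t objsize, size_t n)
{
    return objsize != (size_t)-1 && n > objsize;
}

/* Check inlined in front of the real call, so no extra *_chk symbol (and
 * no ABI) is involved. dst_size guards the write, src_size the read. */
static inline __attribute__((always_inline)) void *
demo_memcpy_chk(void *dst, const void *src, size_t n,
                size_t dst_size, size_t src_size)
{
    if (demo_out_of_bounds(dst_size, n) || demo_out_of_bounds(src_size, n))
        __builtin_trap();   /* stop before the libc function runs */
    return memcpy(dst, src, n);
}

/* Sizes are taken at the call site, where both declarations are visible. */
#define demo_memcpy(d, s, n) \
    demo_memcpy_chk((d), (s), (n), \
                    __builtin_object_size((d), 0), \
                    __builtin_object_size((s), 0))

/* Constructed in-bounds call: returns 1 when the copy went through. */
int demo_in_bounds_copy(void)
{
    char src[8] = "fortify";
    char dst[8];
    demo_memcpy(dst, src, sizeof(src));
    return memcmp(dst, src, sizeof(src)) == 0;
}

int main(int argc, char **argv)
{
    char small[4];
    char big[16] = "0123456789abcde";
    /* Run with any argument to request 16 bytes into a 4-byte buffer. */
    size_t n = argc > 1 ? sizeof(big) : sizeof(small);
    (void)argv;
    demo_memcpy(small, big, n);   /* traps when n exceeds the 4 bytes the compiler sees */
    return demo_in_bounds_copy() ? 0 : 1;
}
```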

# Sample usage

If you want to quickly test it, you can try something like the following:

```
cat > fgets.c <<EOF
#include <stdio.h>
int
main(void)
{
	char buf[BUFSIZ];
	/* deliberately passes a size one byte larger than buf */
	fgets(buf, sizeof(buf) + 1, stdin);
	return 0;
}
EOF
cc -I<path-to-fortify-include-dir> -D_FORTIFY_SOURCE=3 -O1 fgets.c
./a.out
```

At this point, the program will safely and loudly crash.


# Supported interfaces

- `FD_CLR`
- `FD_SET`
- `asprintf`
- `bcopy`
- `bzero`
- `calloc`
- `confstr`
- `fdopen`
- `fgets`
- `fgetws`
- `fmemopen`
- `fopen`
- `fprintf`
- `fread`
- `fwrite`
- `getcwd`
- `getdomainname`
- `getgroups`
- `gethostname`
- `getlogin_r`
- `malloc`
- `mbsnrtowcs`
- `mbsrtowcs`
- `mbstowcs`
- `memchr`
- `memcpy`
- `memmove`
- `mempcpy`
- `memset`
- `poll`
- `popen`
- `ppoll`
- `pread`
- `printf`
- `pwrite`
- `qsort`
- `read`
- `readlink`
- `readlinkat`
- `realloc`
- `reallocarray`
- `realpath`
- `recv`
- `recvfrom`
- `select`
- `send`
- `sendto`
- `snprintf`
- `sprintf`
- `stpcpy`
- `stpncpy`
- `strcat`
- `strchr`
- `strcpy`
- `strlcat`
- `strlcpy`
- `strlen`
- `strncat`
- `strncpy`
- `strrchr`
- `tmpfile`
- `ttyname_r`
- `umask`
- `vfprintf`
- `vprintf`
- `vasprintf`
- `vsnprintf`
- `vsprintf`
- `wcrtomb`
- `wcscat`
- `wcscpy`
- `wcsncat`
- `wcsncpy`
- `wcsnrtombs`
- `wcsrtombs`
- `wcstombs`
- `wctomb`
- `wmemcpy`
- `wmemmove`
- `wmemset`
- `write`