This is a standalone implementation of
fortify source
level 3, providing compile time security checks. It is libc-agnostic and simply
overlays the system headers by using the
#include_next
extension found in GCC, and black
magic
on Clang. It was initially intended to be used on
musl based Linux
distributions like Alpine Linux,
Chimera Linux.
- It is portable, works on *BSD, Linux, Solaris and possibly others.
- It will only trap non-conformant programs. This means that fortify level 2 is treated in the same way as level 1.
- Avoids making function calls when undefined behaviour has already been
invoked. This is handled by using
__builtin_trap(). - Support for out-of-bounds read interfaces, such as send(), write(), fwrite() etc.
- No ABI is enforced. All of the fortify check functions are inlined into the resulting binary.
- It has a comprehensive suite of tests, running on multiple versions of Clang and GCC, as well as on C89, C99, C11 and C17.
If you want to quickly test it, you can try something like the following:
cat > fgets.c <<EOF
#include <stdio.h>
int
main(void)
{
char buf[BUFSIZ];
fgets(buf, sizeof(buf) + 1, stdin);
return 0;
}
EOF
cc -I<path-to-fortify-include-dir> -D_FORTIFY_SOURCE=3 -O1 fgets.c
./a.out
At this point, the program will safely crash.
FD_CLR FD_SET bcopy bzero confstr fgets fgetws fread fwrite getcwd getdomainname getgroups gethostname getlogin_r mbsnrtowcs mbsrtowcs mbstowcs memcpy memmove mempcpy memset poll ppoll pread read readlink readlinkat realpath recv recvfrom send sendto snprintf sprintf stpcpy stpncpy strcat strcpy strlcat strlcpy strncat strncpy ttyname_r vsnprintf vsprintf wcrtomb wcscat wcscpy wcsncat wcsncpy wcsnrtombs wcsrtombs wcstombs wmemcpy wmemmove wmemset write