From Fedora Project Wiki

< Toolchain‎ | Watermark

Revision as of 10:50, 24 October 2016 by Fweimer (talk | contribs) (Created page with "== Hardening detection: <code>_FORTIFY_SOURCE</code> == GCC and glibc redirect calls to function such as <code>strcpy</code> to replacements like <code>__strcpy_chk</code> an...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Hardening detection: _FORTIFY_SOURCE

GCC and glibc redirect calls to function such as strcpy to replacements like __strcpy_chk and supply additional length information for buffer overflow checks.

Currently, strcpy is used if

  1. fortify is disabled,
  2. no length information is available, or
  3. the call is known to be safe.

Which alternative applies requires looking at the assembly. Presence of calls to _chk functions depends on optimizations, and those in turn depend on the architecture, which makes verification very difficult.

Addressing may need changes to both glibc and GCC.

Retrieved from "https://fedoraproject.org/w/index.php?title=Toolchain/Watermark/HardeningFortify&oldid=477832"