From Fedora Project Wiki

Revision as of 10:53, 24 October 2016 by Fweimer (talk | contribs)

Hardening detection: _FORTIFY_SOURCE

GCC and glibc redirect calls to functions such as strcpy to replacements like __strcpy_chk and supply additional length information for buffer overflow checks.

Currently, strcpy is used if

  1. fortify is disabled,
  2. no length information is available, or
  3. the call is known to be safe.

Determining which alternative applies requires looking at the assembly. Whether calls to the _chk functions are present depends on optimizations, and those in turn depend on the architecture, which makes verification very difficult.

The challenge here is that _FORTIFY_SOURCE is a preprocessor macro, and what happens behind the scenes differs from function to function. Addressing this may need changes to both glibc and GCC.
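
The ambiguity described above, shown as a symbol-level check (an added example, not code from this wiki page or from GCC/glibc). It classifies the undefined symbols of a binary as listed by `nm -D --undefined-only`; the `FORTIFIABLE` subset, the verdict names and the sample listing are assumptions constructed for illustration.

```python
import re

# Assumption: illustrative subset of the functions glibc provides _chk variants for.
FORTIFIABLE = {"memcpy", "memmove", "memset", "strcpy", "strncpy", "stpcpy",
               "strcat", "strncat", "sprintf", "snprintf", "vsprintf",
               "vsnprintf", "fgets", "read"}

# Constructed sample of `nm -D --undefined-only` output, not from a real binary.
SAMPLE_NM = """\
                 U __snprintf_chk@GLIBC_2.3.4
                 U __stack_chk_fail@GLIBC_2.4
                 U __strcpy_chk@GLIBC_2.3.4
                 U memcpy@GLIBC_2.14
                 U puts@GLIBC_2.2.5
                 U strcpy@GLIBC_2.2.5
"""

def undefined_symbols(nm_text):
    """Return the set of undefined symbol names, with version suffixes removed."""
    names = set()
    for line in nm_text.splitlines():
        fields = line.split()
        if len(fields) == 2 and fields[0] in ("U", "w"):
            names.add(fields[1].split("@", 1)[0])
    return names

def classify(nm_text):
    """Split fortifiable imports into checked (__f_chk) and unchecked (plain f)."""
    names = undefined_symbols(nm_text)
    checked = set()
    for name in names:
        m = re.fullmatch(r"__(\w+)_chk", name)
        if m and m.group(1) in FORTIFIABLE:
            checked.add(m.group(1))
    unchecked = names & FORTIFIABLE
    if checked:
        verdict = "fortify-evidence"  # at least one call was redirected
    elif unchecked:
        verdict = "inconclusive"      # disabled, no length info, or known safe
    else:
        verdict = "not-applicable"    # no fortifiable function is imported
    return {"checked": checked, "unchecked": unchecked, "verdict": verdict}

if __name__ == "__main__":
    print(classify(SAMPLE_NM))
```

An "inconclusive" verdict is exactly the case the list above describes: a plain strcpy import alone cannot distinguish the three alternatives, so the symbol table is only a first pass before reading the assembly.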