_FORTIFY_SOURCE Implementation

Reply: Kyle Evans : "Re: _FORTIFY_SOURCE Implementation"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Kyle Evans <kevans_at_freebsd.org>
Date: Tue, 05 Oct 2021 04:01:37 UTC

Hello!

I've just created three reviews to import and enable the
_FORTIFY_SOURCE implementation from NetBSD. For some light background,
_FORTIFY_SOURCE attempts to detect some classes of buffer overflows.

- https://reviews.freebsd.org/D32306 - Import _FORTIFY_SOURCE
- https://reviews.freebsd.org/D32307 - Prepare for _FORTIFY_SOURCE
- https://reviews.freebsd.org/D32308 - Enable it

D32307 is perhaps the most interesting as it hacks around
_FORTIFY_SOURCE redefinitions in libc. Other prerequisite work was
needed to get this to build at all;`main` as of the bc 5.0.2 update
(f774652b0e837b) is required.

The last review enables it by default at FORTIFY_SOURCE=2, if building
WITH_SSP (the default). It respects a "FORTIFY_SOURCE" make(1) var to
indicate the level, so either user or a makefile can disable it as
needed with FORTIFY_SOURCE=0.

Thanks,

Kyle Evans