Initial implementation of _FORTIFY_SOURCE
Date: Mon, 13 May 2024 17:47:41 UTC
Hi,

As of 9bfd3b407 ("Add a build knob for _FORTIFY_SOURCE"), I've imported an initial version of FORTIFY_SOURCE from FreeBSD. FORTIFY_SOURCE is an improvement over classical SSP, doing compiler-aided checking of stack object sizes to detect more fine-grained stack overflow without relying on the randomized stack canary just past the stack frame.

This implementation is not yet complete, but we've done a review of useful functions and syscalls to add checked variants of and intend to complete the implementation over the next month or so.

Please test _FORTIFY_SOURCE out now by setting FORTIFY_SOURCE=2 in the buildworld env -- I intend to flip the default to 2 when WITH_SSP is set in the next month if nobody complains about serious breakage. I've personally been rolling with FORTIFY_SOURCE=2 for the last three years that this has been sitting in a local branch, so I don't really anticipate any super-fundamental breakage.

Thanks,

Kyle Evans
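To illustrate the compiler-aided object-size checking the announcement describes, here is an added sketch that is not part of the original message and is not FreeBSD's implementation. It assumes GCC or Clang (for `__builtin_object_size`); the helper names and the `struct record` layout are hypothetical, and it returns -1 where a fortified libc would abort the process.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper names; a sketch of the technique, not FreeBSD's headers. */

/* Runtime half of the check: refuse the copy if it cannot fit in dstsize.
 * A fortified libc calls a handler that aborts here; returning -1 keeps
 * the outcome observable in this example. */
static int
checked_strcpy_impl(char *dst, const char *src, size_t dstsize)
{
	size_t need = strlen(src) + 1;	/* include the terminating NUL */

	/* (size_t)-1 means the compiler could not determine the size. */
	if (dstsize != (size_t)-1 && need > dstsize)
		return (-1);
	memcpy(dst, src, need);
	return (0);
}

/* Compile-time half: the compiler supplies the destination's size.
 * Mode 1 bounds it to the closest enclosing subobject (the member). */
#define checked_strcpy(dst, src) \
	checked_strcpy_impl((dst), (src), __builtin_object_size((dst), 1))

struct record {
	char name[8];
	char role[8];	/* adjacent member; no canary sits between the two */
};

/* Constructed input: 6 bytes fit in name[8], so the copy proceeds. */
int
demo_in_bounds(void)
{
	struct record r = { "", "user" };

	return (checked_strcpy(r.name, "alice"));
}

/* Constructed input: 11 bytes into name[8] would spill into role.
 * Returns -1 only if the copy was refused and role is untouched. */
int
demo_member_overflow(void)
{
	struct record r = { "", "user" };
	int rc = checked_strcpy(r.name, "AAAAAAAAAA");

	return (rc == -1 && strcmp(r.role, "user") == 0 ? -1 : 1);
}
```

The second case stays entirely inside the stack frame, so a canary placed past the frame would never see it; the per-object bound is what catches it.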