[CFR] FORTIFY_SOURCE
Pedro Giffuni
pfg at FreeBSD.org
Thu Jul 30 18:01:19 UTC 2015
Dear developers;
As part of this year's Google Summer of Code [1] Oliver Pinter and I have
been working on implementing the FORTIFY_SOURCE libc extension. The
idea, initially implemented in GNU libc is to use the gcc's
__builtin_object_size
to replace many common string functions with bounds checking variants,
therefore limiting the possibility of buffer overflows.
So far the implementation is basically finished and we merged elements
of the
from both NetBSD and bionic's libc. Our implementation is non-invasive and
very effective; it works with both clang and gcc (tested with our base
compilers).
The code would initially be off by default and there are still some small
issues to figure out but we would welcome wider review:
https://reviews.freebsd.org/D3043
I will also be requesting and exp-run on the ports tree soon.
[1]
https://wiki.freebsd.org/SummerOfCode2015/FreeBSDLibcSecurityExtensions
More information about the freebsd-toolchain
mailing list