share/man/man7/fortify_source.7
- This file was added.
Property | Old Value | New Value |
---|---|---|
svn:eol-style | null | native \ No newline at end of property |
svn:keywords | null | FreeBSD=%H \ No newline at end of property |
svn:mime-type | null | text/plain \ No newline at end of property |
.\" Copyright (C) 2015 Pedro Giffuni. All rights reserved. | |||||
.\" | |||||
.\" Redistribution and use in source and binary forms, with or without | |||||
.\" modification, are permitted provided that the following conditions | |||||
.\" are met: | |||||
.\" 1. Redistributions of source code must retain the above copyright | |||||
.\" notice, this list of conditions and the following disclaimer. | |||||
.\" 2. Redistributions in binary form must reproduce the above copyright | |||||
.\" notice, this list of conditions and the following disclaimer in the | |||||
.\" documentation and/or other materials provided with the distribution. | |||||
.\" | |||||
.\" THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND | |||||
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |||||
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |||||
.\" ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE | |||||
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |||||
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |||||
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |||||
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |||||
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |||||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |||||
.\" SUCH DAMAGE. | |||||
.\" | |||||
.\" $FreeBSD$ | |||||
.\" | |||||
.Dd August 26, 2015 | |||||
.Dt FORTIFY_SOURCE 7 | |||||
.Os | |||||
.Sh NAME | |||||
.Nm FORTIFY_SOURCE | |||||
.Nd libc bounds-checking functionality | |||||
.Sh SYNOPSIS | |||||
.Pp | |||||
.Nm cc | |||||
.Fl D Ns _FORTIFY_SOURCE=level ... | |||||
.Pp | |||||
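Review bot: In the SYNOPSIS, "level" is a placeholder the reader substitutes, so it should be marked up with `.Ar` rather than left inside the literal `.Fl D Ns _FORTIFY_SOURCE=level`, for example `.Fl D Ns _FORTIFY_SOURCE= Ns Ar level`. The `.Pp` directly after `.Sh SYNOPSIS` and the one at the end of the section are redundant next to a section header and can be dropped.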
bjk: Please supply parameter names for the .Fn arguments. Thus,
.Fn __poll_chk "struct pollfd…
pfg: While I could, it doesn't make much sense because these functions are not meant to be called, they only exist in underscored headers and will appear in bug reports. I have to add symlinks for the real functions.
.Sh DESCRIPTION | |||||
Defining | |||||
.Li _FORTIFY_SOURCE | |||||
in the | |||||
.Xr cc 1 | |||||
compiler flags enables a set of replacement functions for common string and | |||||
memory manipulation routines capable of detecting simple buffer overflows. | |||||
The functionality is the result of deep integration between the main C library | |||||
and the compiler itself. | |||||
.Pp | |||||
The concept builds on the observation that there are many cases where the | |||||
compiler can determine the size of a buffer. | |||||
Buffer overflows detected at compile time are reported by the compiler. | |||||
Otherwise, the checks are performed at runtime and produce an error message. | |||||
wblock: Can be simplified a bit:
```
Buffer overflows that are detected at compile time are reported by the compiler.
Otherwise, the checks are performed at runtime and produce an error message.
```
.Pp | |||||
wblock: Needs a comma after "Otherwise", because there is a pause there.
.Sh OPTIONS | |||||
.Ss Fortify Level | |||||
.Nm level | |||||
Setting the level to 0 disables FORTIFY_SOURCE. | |||||
Levels higher than 1 add more checks, depending on the implementation, but might | |||||
cause false positives. | |||||
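Review bot: `.Nm level` in the Fortify Level subsection marks an argument with the macro reserved for the name of the thing being documented; `.Ar level` is the right markup, ideally as the tag of a `.Bl -tag` list with one entry per value. The text covers level 0 and levels "higher than 1" but never says what level 1 itself enables, which should be stated.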
wblock: s/may/might/ ("may" for permission, "might" for possibility: "Yes, you may use my spare video card. It might not work any more, though.")
.Pp | |||||
wblock: Um, conformant to what? Is this a warning that higher levels might cause false positives?
pfg: TBH, I preserved the language used by the author of the GCC implementation.
My understanding is…
.Sh IMPLEMENTATION NOTES | |||||
The implementation uses the standard headers to provide inlined replacements. | |||||
Any standard function that is not declared in the code through the standard | |||||
headers will therefore remain unprotected. | |||||
Similarly, functions overflowing in a different compilation unit may remain | |||||
unprotected. | |||||
.Pp | |||||
Headers for the bounds-checking functions cannot be imported directly through any public header. | |||||
The replacement bounds-checking functions are meant to be transparent to the developer and were never meant to be called directly. | |||||
Checker functions are visible only when debugging or when reporting an | |||||
overflow and are easily identified as they end with a | |||||
.Em _chk | |||||
suffix. | |||||
.Pp | |||||
Object size information is usually available to the compiler only in | |||||
optimization mode. | |||||
Disabling optimizations also involves disabling FORTIFY_SOURCE. | |||||
.Pp | |||||
Support for | |||||
.Xr clang 1 | |||||
and other compilers that have only a partial implementation of | |||||
.Tn GNU | |||||
extensions is somewhat limited. | |||||
In particular, compile time checks may not work and level 2, or higher, | |||||
checks may fall back to level 1. | |||||
.Pp | |||||
.Sh SEE ALSO | |||||
.Xr cc 1 , | |||||
.Xr poll 2 , | |||||
.Xr ppoll 2 , | |||||
.Xr pread 2 , | |||||
.Xr read 2 , | |||||
.Xr readlink 2 , | |||||
.Xr readlinkat 2 , | |||||
.Xr recfrom 2 , | |||||
.Xr umask 2 , | |||||
.Xr bcopy 3 , | |||||
.Xr bzero 3 , | |||||
.Xr fgets 3 , | |||||
.Xr fread 3 , | |||||
.Xr fwrite 3 , | |||||
.Xr getcwd 3 , | |||||
.Xr memccpy 3 , | |||||
.Xr memcpy 3 , | |||||
.Xr memmove 3 , | |||||
.Xr memrchr 3 , | |||||
.Xr memset 3 , | |||||
.Xr rindex 3 , | |||||
.Xr snprintf 3 , | |||||
.Xr sprintf 3 , | |||||
.Xr stpcpy 3 , | |||||
.Xr stpncpy 3 , | |||||
.Xr strcat 3 , | |||||
.Xr strchr 3 , | |||||
.Xr strchrnul 3 , | |||||
.Xr strcpy 3 , | |||||
.Xr strlcat 3 , | |||||
.Xr strlcpy 3 , | |||||
.Xr strlen 3 , | |||||
.Xr strncat 3 , | |||||
.Xr strncpy 3 , | |||||
.Xr strrchr 3 , | |||||
.Xr vsnprintf 3 , | |||||
.Xr vsprintf 3 | |||||
.Sh HISTORY | |||||
Support for FORTIFY_SOURCE is a | |||||
.Tn GNU | |||||
C extension. | |||||
.Pp | |||||
The current implementation was developed by | |||||
.An Oliver Pinter | |||||
with help from | |||||
.An Pedro Giffuni | |||||
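Review bot: In SEE ALSO, `.Xr recfrom 2` looks like a typo for `.Xr recvfrom 2`. In IMPLEMENTATION NOTES, "Disabling optimizations also involves disabling FORTIFY_SOURCE" reads as an instruction to the user; if the intent is that a build without optimization gets no checking, say so directly, because that is a silent loss of protection. The two sentences starting "Headers for the bounds-checking functions" run well past 80 columns and should be wrapped like the rest of the file, and the `.Pp` just before `.Sh SEE ALSO` can go.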
bjk: This "the" is probably not needed...
pfg: It was needed because I was later referring to the compiler flags.
based on similar implementations from | |||||
bjk: This may be better as .Dv; I'd have to check.
.Nx | |||||
bjk: ... particularly if this "for" is replaced with "in".
pfg: Yes, this is a good change, Thanks!
wblock: Start new sentences on new lines.
and Bionic libc. | |||||
.Pp | |||||
.Nm FORTIFY_SOURCE | |||||
was introduced in | |||||
wblock: Start new sentences on new lines.
.Fx 11.0. | |||||
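Review bot: `.Fx 11.0.` passes the sentence-ending period as part of the version argument; mdoc convention is to give closing punctuation as its own argument, `.Fx 11.0 .`, so that it is handled as punctuation rather than as part of the version string.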
bjk: comma after warning.
bjk: cannot, or must not?
pfg: cannot: we #error any attempt.
wblock: s/adds/add/
wblock: The purpose of this colon is not clear. Should the sentence just be split here?
wblock: This sentence conflicts a bit with the previous ones. Might be a typo where "do" should be "do not". Or the sentence needs to point out that this is an exception, possibly replacing "do appear visible" with just "are visible": However, checker functions are visible when debugging or when reporting an
wblock: Replace this colon by splitting this sentence in two. Add a comma after "reason": optimization mode. For this reason, disabling optimizations also involves
wblock: Replace colon by splitting sentence in two.
wblock: s/only/only a/
s/of/of the/
wblock: I would suggest:
```
.Nm
was introduced in
.Fx 11.0.
```
Please supply parameter names for the .Fn arguments. Thus,
.Fn __poll_chk "struct pollfd *fds" [...]