Changeset View
Changeset View
Standalone View
Standalone View
share/man/man7/fortify_source.7
- This file was added.
| Property | Old Value | New Value |
|---|---|---|
| svn:eol-style | null | native \ No newline at end of property |
| svn:keywords | null | FreeBSD=%H \ No newline at end of property |
| svn:mime-type | null | text/plain \ No newline at end of property |
| .\" Copyright (C) 2015 Pedro Giffuni. All rights reserved. | |||||
| .\" | |||||
| .\" Redistribution and use in source and binary forms, with or without | |||||
| .\" modification, are permitted provided that the following conditions | |||||
| .\" are met: | |||||
| .\" 1. Redistributions of source code must retain the above copyright | |||||
| .\" notice, this list of conditions and the following disclaimer. | |||||
| .\" 2. Redistributions in binary form must reproduce the above copyright | |||||
| .\" notice, this list of conditions and the following disclaimer in the | |||||
| .\" documentation and/or other materials provided with the distribution. | |||||
| .\" | |||||
| .\" THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND | |||||
| .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |||||
| .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |||||
| .\" ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE | |||||
| .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |||||
| .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |||||
| .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |||||
| .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |||||
| .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |||||
| .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |||||
| .\" SUCH DAMAGE. | |||||
| .\" | |||||
| .\" $FreeBSD$ | |||||
| .\" | |||||
| .Dd August 26, 2015 | |||||
| .Dt FORTIFY_SOURCE 7 | |||||
| .Os | |||||
| .Sh NAME | |||||
| .Nm FORTIFY_SOURCE | |||||
| .Nd libc bounds-checking functionality | |||||
| .Sh SYNOPSIS | |||||
| .Pp | |||||
| .Nm cc | |||||
| .Fl D Ns _FORTIFY_SOURCE=level ... | |||||
| .Pp | |||||
bjk: Please supply parameter names for the .Fn arguments. Thus,
.Fn __poll_chk "struct pollfd… | |||||
Done Inline ActionsWhile I could, it doesn't make much sense because these functions are not meant to be called, they only exist in underscored headers and will appear in bug reports. I have to add symlinks for the real functions. pfg: While I could, it doesn't make much sense because these functions are not meant to be called… | |||||
| .Sh DESCRIPTION | |||||
| Defining | |||||
| .Li _FORTIFY_SOURCE | |||||
| in the | |||||
| .Xr cc 1 | |||||
| compiler flags enables a set of replacement functions for common string and | |||||
| memory manipulation routines capable of detecting simple buffer overflows. | |||||
| The functionality is the result of deep integration between the main C library | |||||
| and the compiler itself. | |||||
| .Pp | |||||
| The concept builds on the observation that there are many cases where the | |||||
| compiler can determine the size of a buffer. | |||||
| Buffer overflows detected at compile time are reported by the compiler. | |||||
| Otherwise, the checks are performed at runtime and produce an error message. | |||||
Done Inline ActionsCan be simplified a bit: Buffer overflows that are detected at compile time are reported by the compiler. Otherwise, the checks are performed at runtime and produce an error message. wblock: Can be simplified a bit:
```Buffer overflows that are detected at compile time are reported by… | |||||
| .Pp | |||||
Done Inline ActionsNeeds a comma after "Otherwise", because there is a pause there. wblock: Needs a comma after "Otherwise", because there is a pause there. | |||||
| .Sh OPTIONS | |||||
| .Ss Fortify Level | |||||
| .Nm level | |||||
| Setting the level to 0 disables FORTIFY_SOURCE. | |||||
| Levels higher than 1 add more checks, depending on the implementation, but might | |||||
| cause false positives. | |||||
Done Inline Actionss/may/might/ ("may" for permission, "might" for possibility: "Yes, you may use my spare video card. It might not work any more, though.") wblock: s/may/might/ ("may" for permission, "might" for possibility: "Yes, you may use my spare video… | |||||
| .Pp | |||||
Done Inline ActionsUm, conformant to what? Is this a warning that higher levels might cause false positives? wblock: Um, conformant to what? Is this a warning that higher levels might cause false positives? | |||||
Done Inline ActionsTBH, I preserved the language used by the author of the GCC implementation. pfg: TBH, I preserved the language used by the author of the GCC implementation.
My understanding is… | |||||
| .Sh IMPLEMENTATION NOTES | |||||
| The implementation uses the standard headers to provide inlined replacements. | |||||
| Any standard function that is not declared in the code through the standard | |||||
| headers will therefore remain unprotected. | |||||
| Similarly, functions overflowing in a different compilation unit may remain | |||||
| unprotected. | |||||
| .Pp | |||||
| Headers for the bounds-checking functions cannot be imported directly through any public header. | |||||
| The replacement bounds-checking functions are meant to be transparent to the developer and were never meant to be called directly. | |||||
| Checker functions are visible only when debugging or when reporting an | |||||
| overflow and are easily identified as they end with a | |||||
| .Em _chk | |||||
| suffix. | |||||
| .Pp | |||||
| Object size information is usually available to the compiler only in | |||||
| optimization mode. | |||||
| Disabling optimizations also involves disabling FORTIFY_SOURCE. | |||||
| .Pp | |||||
| Support for | |||||
| .Xr clang 1 | |||||
| and other compilers that have only a partial implementation of | |||||
| .Tn GNU | |||||
| extensions is somewhat limited. | |||||
| In particular, compile time checks may not work and level 2, or higher, | |||||
| checks may fall back to level 1. | |||||
| .Pp | |||||
| .Sh SEE ALSO | |||||
| .Xr cc 1 , | |||||
| .Xr poll 2 , | |||||
| .Xr ppoll 2 , | |||||
| .Xr pread 2 , | |||||
| .Xr read 2 , | |||||
| .Xr readlink 2 , | |||||
| .Xr readlinkat 2 , | |||||
| .Xr recfrom 2 , | |||||
| .Xr umask 2 , | |||||
| .Xr bcopy 3 , | |||||
| .Xr bzero 3 , | |||||
| .Xr fgets 3 , | |||||
| .Xr fread 3 , | |||||
| .Xr fwrite 3 , | |||||
| .Xr getcwd 3 , | |||||
| .Xr memccpy 3 , | |||||
| .Xr memcpy 3 , | |||||
| .Xr memmove 3 , | |||||
| .Xr memrchr 3 , | |||||
| .Xr memset 3 , | |||||
| .Xr rindex 3 , | |||||
| .Xr snprintf 3 , | |||||
| .Xr sprintf 3 , | |||||
| .Xr stpcpy 3 , | |||||
| .Xr stpncpy 3 , | |||||
| .Xr strcat 3 , | |||||
| .Xr strchr 3 , | |||||
| .Xr strchrnul 3 , | |||||
| .Xr strcpy 3 , | |||||
| .Xr strlcat 3 , | |||||
| .Xr strlcpy 3 , | |||||
| .Xr strlen 3 , | |||||
| .Xr strncat 3 , | |||||
| .Xr strncpy 3 , | |||||
| .Xr strrchr 3 , | |||||
| .Xr vsnprintf 3 , | |||||
| .Xr vsprintf 3 | |||||
| .Sh HISTORY | |||||
| Support for FORTIFY_SOURCE is a | |||||
| .Tn GNU | |||||
| C extension. | |||||
| .Pp | |||||
| The current implementation was developed by | |||||
| .An Oliver Pinter | |||||
| with help from | |||||
| .An Pedro Giffuni | |||||
Done Inline ActionsThis "the" is probably not needed... bjk: This "the" is probably not needed... | |||||
Done Inline ActionsIt was needed because I was later referring to the compiler flags. pfg: It was needed because I was later referring to the compiler flags. | |||||
| based on similar implementations from | |||||
Done Inline ActionsThis may be better as .Dv; I'd have to check. bjk: This may be better as .Dv; I'd have to check. | |||||
| .Nx | |||||
Done Inline Actions... particularly if this "for" is replaced with "in". bjk: ... particularly if this "for" is replaced with "in". | |||||
Done Inline ActionsYes, this is a good change, Thanks! pfg: Yes, this is a good change, Thanks! | |||||
Done Inline ActionsStart new sentences on new lines. wblock: Start new sentences on new lines. | |||||
| and Bionic libc. | |||||
| .Pp | |||||
| .Nm FORTIFY_SOURCE | |||||
| was introduced in | |||||
Done Inline ActionsStart new sentences on new lines. wblock: Start new sentences on new lines. | |||||
| .Fx 11.0. | |||||
Done Inline Actionscomma after warning. bjk: comma after warning. | |||||
Done Inline Actionscannot, or must not? bjk: cannot, or must not? | |||||
Done Inline Actionscannot: we#error any attempt. pfg: cannot: we#error any attempt. | |||||
Done Inline Actionss/adds/add/ wblock: s/adds/add/ | |||||
Done Inline ActionsThe purpose of this colon is not clear. Should the sentence just be split here? wblock: The purpose of this colon is not clear. Should the sentence just be split here? | |||||
Done Inline ActionsThis sentence conflicts a bit with the previous ones. Might be a typo where "do" should be "do not". Or the sentence needs to point out that this is an exception, possibly replacing "do appear visible" with just "are visible": However, checker functions are visible when debugging or when reporting an wblock: This sentence conflicts a bit with the previous ones. Might be a typo where "do" should be "do… | |||||
Done Inline ActionsReplace this colon by splitting this sentence in two. Add a comma after "reason": optimization mode. For this reason, disabling optimizations also involves wblock: Replace this colon by splitting this sentence in two. Add a comma after "reason"… | |||||
Done Inline ActionsReplace colon by splitting sentence in two. wblock: Replace colon by splitting sentence in two. | |||||
Done Inline Actionss/only/only a/ wblock: s/only/only a/
s/of/of the/ | |||||
Done Inline ActionsI would suggest: .Nm was introduced in .Fx 11.0.`` wblock: I would suggest:
```.Nm
was introduced in
.Fx 11.0.`` | |||||
Please supply parameter names for the .Fn arguments. Thus,
.Fn __poll_chk "struct pollfd *fds" [...]