blob: 927035082fc4eaa0375208253ca98258333435f3 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
|
@node Overflow Protection
@chapter Overflow Protection
@menu
* Stack Smashing Protection:: Checks enabled with -fstack-protector*
* Object Size Checking:: Checks enabled with _FORTIFY_SOURCE
@end menu
@node Stack Smashing Protection
@section Stack Smashing Protection
Stack Smashing Protection is a compiler feature which emits extra code
to check for stack smashing attacks. It depends on a canary, which is
initialized with the process, and functions for process termination when
an overflow is detected. These are private entry points intended solely
for use by the compiler, and are used when any of the @code{-fstack-protector},
@code{-fstack-protector-all}, @code{-fstack-protector-explicit}, or
@code{-fstack-protector-strong} compiler flags are enabled.
@node Object Size Checking
@section Object Size Checking
Object Size Checking is a feature which wraps certain functions with checks
to prevent buffer overflows. These are enabled when compiling with
optimization (@code{-O1} and higher) and @code{_FORTIFY_SOURCE} defined
to 1, or for stricter checks, to 2.
@cindex list of overflow protected functions
The following functions use object size checking to detect buffer overflows
when enabled:
@example
@exdent @emph{String functions:}
bcopy memmove strcpy
bzero mempcpy strcat
explicit_bzero memset strncat
memcpy stpcpy strncpy
@exdent @emph{Wide Character String functions:}
fgetws wcrtomb wcsrtombs
fgetws_unlocked wcscat wmemcpy
mbsnrtowcs wcscpy wmemmove
mbsrtowcs wcsncat wmempcpy
wcpcpy wcsncpy wmemset
wcpncpy wcsnrtombs
@exdent @emph{Stdio functions:}
fgets fread_unlocked sprintf
fgets_unlocked gets vsnprintf
fread snprintf vsprintf
@exdent @emph{Stdlib functions:}
mbstowcs wcstombs wctomb
@exdent @emph{System functions:}
getcwd read ttyname_r
pread readlink
@end example
|
