From: Florian Weimer <fweimer@redhat.com>
To: Siddhesh Poyarekar <siddhesh@sourceware.org>
Cc: libc-alpha@sourceware.org
Subject: Re: [PATCH] Add _FORTIFY_SOURCE implementation documentation [BZ #28998]
Date: Thu, 22 Dec 2022 14:35:23 +0100 [thread overview]
Message-ID: <873597o92c.fsf@oldenburg.str.redhat.com> (raw)
In-Reply-To: <20221215162506.1802077-1-siddhesh@sourceware.org> (Siddhesh Poyarekar's message of "Thu, 15 Dec 2022 11:25:06 -0500")
* Siddhesh Poyarekar:
> +The @code{_FORTIFY_SOURCE} macro may be defined by users to control
> +hardening of calls into some functions in @theglibc{}. This feature
> +needs a compiler that supports either the @code{__builtin_object_size}
> +or the @code{__builtin_dynamic_object_size} builtin functions. When the
> +macro is defined, it enables code that validates access to buffers that
> +are passed to some functions in @theglibc to determine if they
> +are safe. If the compiler is able to deduce the size of the buffer
> +passed to the function call but the call cannot be determined as safe,
> +it is replaced by a call to its hardened variant that does the access
> +validation at runtime. At runtime, if the access validation check for
> +the buffer fails, the program will terminate with a @code{SIGABRT}
> +signal.
This doesn't really cover %n checks and the open checks, so it's
slightly misleading.
> +The following functions are fortified in @theglibc{}:
> +
> +@itemize @bullet
> +@item @code{asprintf}: Replaced with @code{__asprintf_chk}.
> +
> +@item @code{confstr}: Replaced with @code{__confstr_chk}.
Can we auto-generate this?
It is incomplete. __open_2, __open64_2 and the *at variants are
missing. FD_SET, FD_CLR, FD_ISSET, too.
Thanks,
Florian
next prev parent reply other threads:[~2022-12-22 13:35 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-12-15 16:25 Siddhesh Poyarekar
2022-12-15 16:35 ` Andreas Schwab
2022-12-15 16:37 ` Siddhesh Poyarekar
2022-12-22 12:56 ` Siddhesh Poyarekar
2022-12-22 13:08 ` Sam James
2023-01-03 14:43 ` Siddhesh Poyarekar
2023-01-04 23:49 ` Jeff Law
2022-12-22 13:35 ` Florian Weimer [this message]
2022-12-22 14:19 ` Siddhesh Poyarekar
2022-12-22 14:22 ` Siddhesh Poyarekar
2022-12-22 15:32 ` [PATCH v2] " Siddhesh Poyarekar
2022-12-22 16:04 ` [PATCH v3] " Siddhesh Poyarekar
2023-01-03 14:29 ` [ping][PATCH " Siddhesh Poyarekar
2023-01-05 21:04 ` [PATCH " Yann Droneaud
2023-01-06 12:27 ` Siddhesh Poyarekar
2023-01-09 15:32 ` Florian Weimer
2023-01-10 13:03 ` Siddhesh Poyarekar
2023-01-11 6:45 ` Sam James
2023-01-10 13:40 ` [PATCH v4] " Siddhesh Poyarekar
2023-01-10 15:00 ` Florian Weimer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=873597o92c.fsf@oldenburg.str.redhat.com \
--to=fweimer@redhat.com \
--cc=libc-alpha@sourceware.org \
--cc=siddhesh@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).