From: Siddhesh Poyarekar <siddhesh@gotplt.org>
To: Siddhesh Poyarekar <siddhesh@sourceware.org>,
Florian Weimer <fweimer@redhat.com>
Cc: libc-alpha@sourceware.org
Subject: Re: [PATCH] Add _FORTIFY_SOURCE implementation documentation [BZ #28998]
Date: Thu, 22 Dec 2022 09:22:07 -0500 [thread overview]
Message-ID: <e0e26c43-b120-e4b0-ff79-df5d5bed644c@gotplt.org> (raw)
In-Reply-To: <58b6325f-41e0-ce46-c691-10eb792246a4@sourceware.org>
On 2022-12-22 09:19, Siddhesh Poyarekar via Libc-alpha wrote:
> On 2022-12-22 08:35, Florian Weimer via Libc-alpha wrote:
>> * Siddhesh Poyarekar:
>>
>>> +The @code{_FORTIFY_SOURCE} macro may be defined by users to control
>>> +hardening of calls into some functions in @theglibc{}. This feature
>>> +needs a compiler that supports either the @code{__builtin_object_size}
>>> +or the @code{__builtin_dynamic_object_size} builtin functions. When
>>> the
>>> +macro is defined, it enables code that validates access to buffers that
>>> +are passed to some functions in @theglibc to determine if they
>>> +are safe. If the compiler is able to deduce the size of the buffer
>>> +passed to the function call but the call cannot be determined as safe,
>>> +it is replaced by a call to its hardened variant that does the access
>>> +validation at runtime. At runtime, if the access validation check for
>>> +the buffer fails, the program will terminate with a @code{SIGABRT}
>>> +signal.
>>
>> This doesn't really cover %n checks and the open checks, so it's
>> slightly misleading.
>
> How about the following then; I've mentioned %n in the description for
> level 2 so I'm only trying to provide a high level summary here:
>
> """
> If the compiler is able to deduce the size of the buffer passed to the
> function call but the call cannot be determined as safe, it is replaced
> by a call to its hardened variant that performs additional safety checks
> at runtime. At runtime, if those safety checks fail, the program will
> terminate with a @code{SIGABRT} signal.
> """
>
Uhmm, I just noticed that the open* checking is enabled at
__FORTIFY_LEVEL == 1, so I guess that description needs to change too.
Sid
next prev parent reply other threads:[~2022-12-22 14:22 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-12-15 16:25 Siddhesh Poyarekar
2022-12-15 16:35 ` Andreas Schwab
2022-12-15 16:37 ` Siddhesh Poyarekar
2022-12-22 12:56 ` Siddhesh Poyarekar
2022-12-22 13:08 ` Sam James
2023-01-03 14:43 ` Siddhesh Poyarekar
2023-01-04 23:49 ` Jeff Law
2022-12-22 13:35 ` Florian Weimer
2022-12-22 14:19 ` Siddhesh Poyarekar
2022-12-22 14:22 ` Siddhesh Poyarekar [this message]
2022-12-22 15:32 ` [PATCH v2] " Siddhesh Poyarekar
2022-12-22 16:04 ` [PATCH v3] " Siddhesh Poyarekar
2023-01-03 14:29 ` [ping][PATCH " Siddhesh Poyarekar
2023-01-05 21:04 ` [PATCH " Yann Droneaud
2023-01-06 12:27 ` Siddhesh Poyarekar
2023-01-09 15:32 ` Florian Weimer
2023-01-10 13:03 ` Siddhesh Poyarekar
2023-01-11 6:45 ` Sam James
2023-01-10 13:40 ` [PATCH v4] " Siddhesh Poyarekar
2023-01-10 15:00 ` Florian Weimer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=e0e26c43-b120-e4b0-ff79-df5d5bed644c@gotplt.org \
--to=siddhesh@gotplt.org \
--cc=fweimer@redhat.com \
--cc=libc-alpha@sourceware.org \
--cc=siddhesh@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).