public inbox for newlib-cvs@sourceware.org
help / color / mirror / Atom feed
* [newlib-cygwin] ssp: add documentation
@ 2017-11-29 17:27 Yaakov Selkowitz
0 siblings, 0 replies; only message in thread
From: Yaakov Selkowitz @ 2017-11-29 17:27 UTC (permalink / raw)
To: newlib-cvs
https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=192de5a349f61a70e9d2f74c2be0674114391f56
commit 192de5a349f61a70e9d2f74c2be0674114391f56
Author: Yaakov Selkowitz <yselkowi@redhat.com>
Date: Tue Nov 28 18:11:59 2017 -0600
ssp: add documentation
Signed-off-by: Yaakov Selkowitz <yselkowi@redhat.com>
Diff:
---
newlib/libc/libc.in.xml | 1 +
newlib/libc/libc.texinfo | 1 +
newlib/libc/ssp/ssp.tex | 44 ++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 46 insertions(+)
diff --git a/newlib/libc/libc.in.xml b/newlib/libc/libc.in.xml
index 9726961..bf5f8a0 100644
--- a/newlib/libc/libc.in.xml
+++ b/newlib/libc/libc.in.xml
@@ -35,6 +35,7 @@
<xi:include href="iconv.xml">
<xi:fallback/>
</xi:include>
+ <!-- ssp.tex contains fixed content -->
<!-- processing should insert index here -->
<index/>
diff --git a/newlib/libc/libc.texinfo b/newlib/libc/libc.texinfo
index 995e95e..f8c820b 100644
--- a/newlib/libc/libc.texinfo
+++ b/newlib/libc/libc.texinfo
@@ -171,6 +171,7 @@ into another language, under the above conditions for modified versions.
@ifset ICONV
* Iconv::
@end ifset
+* Overflow Protection::
* Document Index::
@end menu
diff --git a/newlib/libc/ssp/ssp.tex b/newlib/libc/ssp/ssp.tex
new file mode 100644
index 0000000..f8440bd
--- /dev/null
+++ b/newlib/libc/ssp/ssp.tex
@@ -0,0 +1,44 @@
+@node Overflow Protection
+@chapter Overflow Protection
+
+@menu
+* Stack Smashing Protection:: Checks enabled with -fstack-protector*
+* Object Size Checking:: Checks enabled with _FORTIFY_SOURCE
+@end menu
+
+@node Stack Smashing Protection
+@section Stack Smashing Protection
+Stack Smashing Protection is a compiler feature which emits extra code
+to check for stack smashing attacks. It depends on a canary, which is
+initialized with the process, and functions for process termination when
+an overflow is detected. These are private entry points intended solely
+for use by the compiler, and are used when any of the @code{-fstack-protector},
+@code{-fstack-protector-all}, @code{-fstack-protector-explicit}, or
+@code{-fstack-protector-strong} compiler flags are enabled.
+
+@node Object Size Checking
+@section Object Size Checking
+Object Size Checking is a feature which wraps certain functions with checks
+to prevent buffer overflows. These are enabled when compiling with
+optimization (@code{-O1} and higher) and @code{_FORTIFY_SOURCE} defined
+to 1, or for stricter checks, to 2.
+
+@cindex list of overflow protected functions
+The following functions use object size checking to detect buffer overflows
+when enabled:
+
+@example
+@exdent @emph{String functions:}
+bcopy memmove strcpy
+bzero mempcpy strcat
+explicit_bzero memset strncat
+memcpy stpcpy strncpy
+
+@exdent @emph{Stdio functions:}
+fgets fread_unlocked sprintf
+fgets_unlocked gets vsnprintf
+fread snprintf vsprintf
+
+@exdent @emph{System functions:}
+getcwd read readlink
+@end example
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2017-11-29 17:27 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-11-29 17:27 [newlib-cygwin] ssp: add documentation Yaakov Selkowitz
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).