From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 109005 invoked by alias); 29 Nov 2017 17:27:13 -0000 Mailing-List: contact newlib-cvs-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: newlib-cvs-owner@sourceware.org Received: (qmail 108947 invoked by uid 9642); 29 Nov 2017 17:27:12 -0000 Date: Wed, 29 Nov 2017 17:27:00 -0000 Message-ID: <20171129172712.108944.qmail@sourceware.org> Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: Yaakov Selkowitz To: newlib-cvs@sourceware.org Subject: [newlib-cygwin] ssp: add documentation X-Act-Checkin: newlib-cygwin X-Git-Author: Yaakov Selkowitz X-Git-Refname: refs/heads/master X-Git-Oldrev: 6b02865d80f6a38caff78e9bff5c866ac0d6dff6 X-Git-Newrev: 192de5a349f61a70e9d2f74c2be0674114391f56 X-SW-Source: 2017-q4/txt/msg00033.txt.bz2 https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=192de5a349f61a70e9d2f74c2be0674114391f56 commit 192de5a349f61a70e9d2f74c2be0674114391f56 Author: Yaakov Selkowitz Date: Tue Nov 28 18:11:59 2017 -0600 ssp: add documentation Signed-off-by: Yaakov Selkowitz Diff: --- newlib/libc/libc.in.xml | 1 + newlib/libc/libc.texinfo | 1 + newlib/libc/ssp/ssp.tex | 44 ++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 46 insertions(+) diff --git a/newlib/libc/libc.in.xml b/newlib/libc/libc.in.xml index 9726961..bf5f8a0 100644 --- a/newlib/libc/libc.in.xml +++ b/newlib/libc/libc.in.xml @@ -35,6 +35,7 @@ + diff --git a/newlib/libc/libc.texinfo b/newlib/libc/libc.texinfo index 995e95e..f8c820b 100644 --- a/newlib/libc/libc.texinfo +++ b/newlib/libc/libc.texinfo @@ -171,6 +171,7 @@ into another language, under the above conditions for modified versions. @ifset ICONV * Iconv:: @end ifset +* Overflow Protection:: * Document Index:: @end menu diff --git a/newlib/libc/ssp/ssp.tex b/newlib/libc/ssp/ssp.tex new file mode 100644 index 0000000..f8440bd --- /dev/null +++ b/newlib/libc/ssp/ssp.tex @@ -0,0 +1,44 @@ +@node Overflow Protection +@chapter Overflow Protection + +@menu +* Stack Smashing Protection:: Checks enabled with -fstack-protector* +* Object Size Checking:: Checks enabled with _FORTIFY_SOURCE +@end menu + +@node Stack Smashing Protection +@section Stack Smashing Protection +Stack Smashing Protection is a compiler feature which emits extra code +to check for stack smashing attacks. It depends on a canary, which is +initialized with the process, and functions for process termination when +an overflow is detected. These are private entry points intended solely +for use by the compiler, and are used when any of the @code{-fstack-protector}, +@code{-fstack-protector-all}, @code{-fstack-protector-explicit}, or +@code{-fstack-protector-strong} compiler flags are enabled. + +@node Object Size Checking +@section Object Size Checking +Object Size Checking is a feature which wraps certain functions with checks +to prevent buffer overflows. These are enabled when compiling with +optimization (@code{-O1} and higher) and @code{_FORTIFY_SOURCE} defined +to 1, or for stricter checks, to 2. + +@cindex list of overflow protected functions +The following functions use object size checking to detect buffer overflows +when enabled: + +@example +@exdent @emph{String functions:} +bcopy memmove strcpy +bzero mempcpy strcat +explicit_bzero memset strncat +memcpy stpcpy strncpy + +@exdent @emph{Stdio functions:} +fgets fread_unlocked sprintf +fgets_unlocked gets vsnprintf +fread snprintf vsprintf + +@exdent @emph{System functions:} +getcwd read readlink +@end example