Date: Thu, 30 Jul 2015 13:01:17 -0500 From: Pedro Giffuni <pfg@FreeBSD.org> To: freebsd-toolchain@FreeBSD.org Subject: [CFR] FORTIFY_SOURCE Message-ID: <55BA666D.7080709@FreeBSD.org>
next in thread | raw e-mail | index | archive | help
Dear developers; As part of this year's Google Summer of Code [1] Oliver Pinter and I have been working on implementing the FORTIFY_SOURCE libc extension. The idea, initially implemented in GNU libc is to use the gcc's __builtin_object_size to replace many common string functions with bounds checking variants, therefore limiting the possibility of buffer overflows. So far the implementation is basically finished and we merged elements of the from both NetBSD and bionic's libc. Our implementation is non-invasive and very effective; it works with both clang and gcc (tested with our base compilers). The code would initially be off by default and there are still some small issues to figure out but we would welcome wider review: https://reviews.freebsd.org/D3043 I will also be requesting and exp-run on the ports tree soon. [1] https://wiki.freebsd.org/SummerOfCode2015/FreeBSDLibcSecurityExtensions
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?55BA666D.7080709>