gcc FORTIFY_SOURCE application security flags
Florian Weimer
fweimer at redhat.com
Mon May 6 14:38:19 UTC 2019
* Matthias Baesken:
> I would prefer to get a hs_err file, do you know a way to get this in
> context of the gcc flag _FORTIFY_SOURCE ?
__fortify_fail should eventually raise SIGABRT. So if you install a
handler for that signal, you should be able to generate hs_err file.
__fortify_fail is different from the other checks in that typically runs
*before* memory corruption occurs, so it could be fairly safe to do
in-process error logging. But that's not necessarily true for other
process aborts, so intercepting SIGABRT could increase exposure.
Thanks,
Florian
More information about the build-dev
mailing list