Source-Changes-HG archive


[src/trunk]: src/share/man/man8 Add a paragraph also for "FORTIFY_SOURCE" (or...



details:   https://anonhg.NetBSD.org/src/rev/db3d98c3c83c
branches:  trunk
changeset: 754121:db3d98c3c83c
user:      jruoho <jruoho%NetBSD.org@localhost>
date:      Wed Apr 21 05:39:13 2010 +0000

description:
Add a paragraph also for "FORTIFY_SOURCE" (or USE_FORT).

diffstat:

 share/man/man8/security.8 |  31 ++++++++++++++++++++++++++++++-
 1 files changed, 30 insertions(+), 1 deletions(-)

diffs (45 lines):

diff -r 9cc1e58f2f33 -r db3d98c3c83c share/man/man8/security.8
--- a/share/man/man8/security.8 Wed Apr 21 05:05:07 2010 +0000
+++ b/share/man/man8/security.8 Wed Apr 21 05:39:13 2010 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: security.8,v 1.21 2010/04/21 05:05:07 jruoho Exp $
+.\" $NetBSD: security.8,v 1.22 2010/04/21 05:39:13 jruoho Exp $
 .\"
 .\" Copyright (c) 2006 Elad Efrat <elad%NetBSD.org@localhost>
 .\" All rights reserved.
@@ -296,6 +296,35 @@
 .Nx 6.0 ,
 .Em SSP
 is used by default on i386 and amd64 architectures.
+.Ss FORTIFY_SOURCE
+The so-called
+.Em FORTIFY_SOURCE
+is a relatively simple technique to detect a subset of buffer overflows
+before these can do damage.
+It is integrated to
+.Xr gcc 1
+together with some common memory and string functions in the standard
+C library of
+.Nx .
+.Pp
+The underlying idea builds on the observation that there are cases where
+the compiler knows the size of a buffer (cf.
+.Xr __builtin_object_size 3 ) .
+If a buffer overflow is suspected in a function that does little or no
+bounds checking, either a compile time warning can be issued or a
+safer substitute function can be used at runtime.
+.Pp
+The
+.Em FORTIY_SOURCE
+is enabled by default in some parts of the
+.Nx
+source tree.
+It is also possible to explicitly enable it by defining
+the following in
+.Xr mk.conf 5 :
+.Bd -literal -offset indent
+USE_FORT=yes
+.Ed
 .Sh PER-USER TEMPORARY STORAGE
 It is possible to configure per-user temporary storage to avoid potential
 security issues (race conditions, etc.) in programs that do not make secure
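
Review bot: the macro name is misspelled in the third added paragraph, where the line ".Em FORTIY_SOURCE" should read ".Em FORTIFY_SOURCE" to match the ".Ss FORTIFY_SOURCE" heading and the first paragraph. In the first paragraph, "It is integrated to" would read better as "It is integrated into". The statement that the feature is "enabled by default in some parts of the NetBSD source tree" gives the reader no way to tell which parts; consider naming them or pointing to where the default is set, so an administrator can judge whether adding USE_FORT=yes to mk.conf changes anything on their system. The SSP text just above states its defaults concretely (i386 and amd64), and the new section would be more useful at the same level of detail.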


