Menu
Can someone point out the difference between gcc -D_FORTIFY_SOURCE=1 and -D_FORTIFY_SOURCE=2? I guess =2 is more secure? I haven't been able to find a list which lists differences point by point.
I have also read that -D_FORTIFY_SOURCE=2 should be used with -O2, otherwise not all features would be available. Also here i haven't found a list which would specify the regressions in detail. I would especially be interested to compile with -Os as the target is a device with not so much flash memory.
Any hints on where this is documented welcome!
864
CC is the name given to the UNIX Compiler Command. It is used as the default compiler command for your operating system and also is executable with the same command. GCC, on the other hand, is the GNU Compiler operating system.
“GCC” is a common shorthand term for the GNU Compiler Collection. This is both the most general name for the compiler, and the name used when the emphasis is on compiling C programs (as the abbreviation formerly stood for “GNU C Compiler”). When referring to C++ compilation, it is usual to call the compiler “G++”.
gcc is a debugger by GNU project. Gdb can step through your source code line-by-line or even instruction by instruction. You may also watch the value of any variable at run-time. In additon, it also helps to identify the place and the reason making the program crash.
From the manual page for the Feature Test Macros (man 7 feature_test_macros)
_FORTIFY_SOURCE(since glibc 2.3.4)Defining this macro causes some lightweight checks to be performed to detect some buffer overflow errors when employing various string and memory manipulation functions (for example,
memcpy,memset,stpcpy,strcpy,strncpy,strcat,strncat,sprintf,snprintf,vsprintf,vsnprintf,gets, and wide character variants thereof). For some functions, argument consistency is checked; for example, a check is made thatopenhas been supplied with a mode argument when the specified flags includeO_CREAT. Not all problems are detected, just some common cases.If
_FORTIFY_SOURCEis set to 1, with compiler optimization level 1 (gcc -O1) and above, checks that shouldn't change the behavior of conforming programs are performed.With
_FORTIFY_SOURCEset to 2, some more checking is added, but some conforming programs might fail.Some of the checks can be performed at compile time (via macros logic implemented in header files), and result in compiler warnings; other checks take place at run time, and result in a run-time error if the check fails.
Use of this macro requires compiler support, available with
gccsince version 4.0.
Moreover, the article Enhance application security with FORTIFY_SOURCE (March 2014) says:
gcc -D_FORTIFY_SOURCE=1 adds checks at compile-time only (some headers are necessary as #include <string.h>)gcc -D_FORTIFY_SOURCE=2 also adds checks at run-time (detected buffer overflow terminates the program)Essentially, _FORTIFY_SOURCE level 2 is more secure, but is a slightly riskier compilation strategy; if you use it, make sure you have very strong regression tests for your compiled code to prove the compiler hasn't introduced any unexpected behaviour.
61
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
