[v5,07/10] ssp: add documentation

Message ID	20171129094300.20296-8-yselkowi@redhat.com
State	New
Headers	show Delivered-To: patch@linaro.org Received-SPF: pass (google.com: domain of newlib-return-15399-patch=linaro.org@sourceware.org designates 209.132.180.131 as permitted sender) client-ip=209.132.180.131; DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:from:to:subject:date:message-id:in-reply-to :references; q=dns; s=default; b=mcMfXzjPEHo5kFavja4SjhOOYypOrNR EtBitMBCSHGacyZhniYk0EqAmhz+u3KB9vQcx5WlqhgX/mctzs8BjvjvgOTj8pbw m4zy+2lOigfhNLoX6MC8AkIKOgpMx6Kd2mMqwP3IYQ3WQGX3pqhtbAIiIdNAppfG Tu6Cvy9Tiah8= Mailing-List: contact newlib-help@sourceware.org; run by ezmlm Precedence: bulk Sender: newlib-owner@sourceware.org From: Yaakov Selkowitz <yselkowi@redhat.com> To: newlib@sourceware.org Subject: [PATCH v5 07/10] ssp: add documentation Date: Wed, 29 Nov 2017 03:42:57 -0600 Message-Id: <20171129094300.20296-8-yselkowi@redhat.com> In-Reply-To: <20171129094300.20296-1-yselkowi@redhat.com> References: <20171129094300.20296-1-yselkowi@redhat.com>
Series	Add Stack Smashing Protection and Object Size Checking \| expand [v5,00/10] Add Stack Smashing Protection and Object Size Checking [v5,01/10] ssp: add APIs for Stack Smashing Protection [v5,02/10] ssp: add Object Size Checking common code [v5,03/10] ssp: add Object Size Checking for string.h [v5,04/10] ssp: add Object Size Checking for strings.h [v5,05/10] ssp: add Object Size Checking for stdio.h, part 1 [v5,06/10] ssp: add Object Size Checking for unistd.h, part 1 [v5,07/10] ssp: add documentation [v5,08/10] ssp: add build infrastructure [v5,09/10] cygwin: export SSP functions [v5,10/10] cygwin: create libssp compatibility import library

Message ID

20171129094300.20296-8-yselkowi@redhat.com

State

New

Headers

Received-SPF: pass (google.com: domain of
	newlib-return-15399-patch=linaro.org@sourceware.org
	designates 209.132.180.131 as permitted sender)
	client-ip=209.132.180.131; 
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:from:to:subject:date:message-id:in-reply-to
	:references; q=dns; s=default; b=mcMfXzjPEHo5kFavja4SjhOOYypOrNR
	EtBitMBCSHGacyZhniYk0EqAmhz+u3KB9vQcx5WlqhgX/mctzs8BjvjvgOTj8pbw
	m4zy+2lOigfhNLoX6MC8AkIKOgpMx6Kd2mMqwP3IYQ3WQGX3pqhtbAIiIdNAppfG
	Tu6Cvy9Tiah8=
Mailing-List: contact newlib-help@sourceware.org; run by ezmlm
Precedence: bulk
Sender: newlib-owner@sourceware.org
From: Yaakov Selkowitz <yselkowi@redhat.com>
To: newlib@sourceware.org
Subject: [PATCH v5 07/10] ssp: add documentation
Date: Wed, 29 Nov 2017 03:42:57 -0600
Message-Id: <20171129094300.20296-8-yselkowi@redhat.com>
In-Reply-To: <20171129094300.20296-1-yselkowi@redhat.com>
References: <20171129094300.20296-1-yselkowi@redhat.com>

Series

Add Stack Smashing Protection and Object Size Checking | expand

Commit Message

Yaakov Selkowitz Nov. 29, 2017, 9:42 a.m. UTC

Signed-off-by: Yaakov Selkowitz <yselkowi@redhat.com>

---
 newlib/libc/libc.in.xml  |  1 +
 newlib/libc/libc.texinfo |  1 +
 newlib/libc/ssp/ssp.tex  | 44 ++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 46 insertions(+)
 create mode 100644 newlib/libc/ssp/ssp.tex

-- 
2.15.0

diff --git a/newlib/libc/libc.in.xml b/newlib/libc/libc.in.xml
index 972696189..bf5f8a05f 100644
--- a/newlib/libc/libc.in.xml
+++ b/newlib/libc/libc.in.xml
@@ -35,6 +35,7 @@ 
   <xi:include href="iconv.xml">
       <xi:fallback/>
   </xi:include>
+  <!-- ssp.tex contains fixed content -->
 
   <!-- processing should insert index here -->
   <index/>
diff --git a/newlib/libc/libc.texinfo b/newlib/libc/libc.texinfo
index 995e95e5c..f8c820baf 100644
--- a/newlib/libc/libc.texinfo
+++ b/newlib/libc/libc.texinfo
@@ -171,6 +171,7 @@  into another language, under the above conditions for modified versions.
 @ifset ICONV
 * Iconv::
 @end ifset
+* Overflow Protection::
 
 * Document Index::
 @end menu
diff --git a/newlib/libc/ssp/ssp.tex b/newlib/libc/ssp/ssp.tex
new file mode 100644
index 000000000..f8440bdf9
--- /dev/null
+++ b/newlib/libc/ssp/ssp.tex
@@ -0,0 +1,44 @@ 
+@node Overflow Protection
+@chapter Overflow Protection
+
+@menu
+* Stack Smashing Protection::    Checks enabled with -fstack-protector*
+* Object Size Checking::         Checks enabled with _FORTIFY_SOURCE
+@end menu
+
+@node Stack Smashing Protection
+@section Stack Smashing Protection
+Stack Smashing Protection is a compiler feature which emits extra code
+to check for stack smashing attacks.  It depends on a canary, which is
+initialized with the process, and functions for process termination when
+an overflow is detected.  These are private entry points intended solely
+for use by the compiler, and are used when any of the @code{-fstack-protector},
+@code{-fstack-protector-all}, @code{-fstack-protector-explicit}, or
+@code{-fstack-protector-strong} compiler flags are enabled.
+
+@node Object Size Checking
+@section Object Size Checking
+Object Size Checking is a feature which wraps certain functions with checks
+to prevent buffer overflows.  These are enabled when compiling with
+optimization (@code{-O1} and higher) and @code{_FORTIFY_SOURCE} defined
+to 1, or for stricter checks, to 2.
+
+@cindex list of overflow protected functions
+The following functions use object size checking to detect buffer overflows
+when enabled:
+
+@example
+@exdent @emph{String functions:}
+bcopy           memmove         strcpy
+bzero           mempcpy         strcat
+explicit_bzero  memset          strncat
+memcpy          stpcpy          strncpy
+
+@exdent @emph{Stdio functions:}
+fgets           fread_unlocked  sprintf
+fgets_unlocked  gets            vsnprintf
+fread           snprintf        vsprintf
+
+@exdent @emph{System functions:}
+getcwd          read            readlink
+@end example

[v5,07/10] ssp: add documentation

Commit Message

Patch