ssp: add documentation

Signed-off-by: Yaakov Selkowitz <yselkowi@redhat.com>
2017-11-28 18:11:59 -06:00 · 2017-11-28 18:11:59 -06:00 · 192de5a349
commit 192de5a349
parent 6b02865d80
3 changed files with 46 additions and 0 deletions
--- a/newlib/libc/libc.in.xml
+++ b/newlib/libc/libc.in.xml
@ -35,6 +35,7 @@
  <xi:include href="iconv.xml">
      <xi:fallback/>
  </xi:include>
+  <!-- ssp.tex contains fixed content -->

  <!-- processing should insert index here -->
  <index/>
--- a/newlib/libc/libc.texinfo
+++ b/newlib/libc/libc.texinfo
@ -171,6 +171,7 @@ into another language, under the above conditions for modified versions.
@ifset ICONV
 * Iconv::
@end ifset
+* Overflow Protection::

 * Document Index::
@end menu
--- a/newlib/libc/ssp/ssp.tex
+++ b/newlib/libc/ssp/ssp.tex
@ -0,0 +1,44 @@
+@node Overflow Protection
+@chapter Overflow Protection
+
+@menu
+* Stack Smashing Protection::    Checks enabled with -fstack-protector*
+* Object Size Checking::         Checks enabled with _FORTIFY_SOURCE
+@end menu
+
+@node Stack Smashing Protection
+@section Stack Smashing Protection
+Stack Smashing Protection is a compiler feature which emits extra code
+to check for stack smashing attacks.  It depends on a canary, which is
+initialized with the process, and functions for process termination when
+an overflow is detected.  These are private entry points intended solely
+for use by the compiler, and are used when any of the @code{-fstack-protector},
+@code{-fstack-protector-all}, @code{-fstack-protector-explicit}, or
+@code{-fstack-protector-strong} compiler flags are enabled.
+
+@node Object Size Checking
+@section Object Size Checking
+Object Size Checking is a feature which wraps certain functions with checks
+to prevent buffer overflows.  These are enabled when compiling with
+optimization (@code{-O1} and higher) and @code{_FORTIFY_SOURCE} defined
+to 1, or for stricter checks, to 2.
+
+@cindex list of overflow protected functions
+The following functions use object size checking to detect buffer overflows
+when enabled:
+
+@example
+@exdent @emph{String functions:}
+bcopy           memmove         strcpy
+bzero           mempcpy         strcat
+explicit_bzero  memset          strncat
+memcpy          stpcpy          strncpy
+
+@exdent @emph{Stdio functions:}
+fgets           fread_unlocked  sprintf
+fgets_unlocked  gets            vsnprintf
+fread           snprintf        vsprintf
+
+@exdent @emph{System functions:}
+getcwd          read            readlink
+@end example