
Version 1.4 now supports FORTIFY_SOURCE.

January 14, 2011

What's New?

  1. Support for FORTIFY_SOURCE (--fortify-file, --fortify-proc).
  2. Check if the readelf command is available.
  3. readelf support for 64-bit ELF files.
  4. Check if the requested files and directories do exist.
  5. --dir is now case-sensitive and correctly deals with trailing slashes.
  6. Check user permissions.

fortify-file Usage Example.

The following test program is vulnerable to a stack buffer overflow (see line 10):

#include <string.h>
#include <stdio.h>

int
main (int argc, char* argv[])
{
    int  a = 1;
    char buf[12];

    strcpy (buf, argv[1]);  /* unbounded copy into the 12-byte buf */
    printf ("%08x\n", a);

    return 0;
}

Compile the test program without stack canary support (-fno-stack-protector) and without FORTIFY_SOURCE:

$ cat /etc/lsb-release
$ gcc -fno-stack-protector -o testcase testcase.c

Check the compiled executable with the script.

The output of the script shows that, as expected, FORTIFY_SOURCE is not supported by the executable. Next, we overflow the stack buffer by providing an overly long command line argument to the test program:


As can be seen from the output above, the stack variable a was successfully overwritten with our overly long command line argument (a was overwritten with the supplied D's or 0x44 in hexadecimal). Next, we compile the test program with FORTIFY_SOURCE support but without stack canaries and check the executable file with the script again.

ⓘ Note

Under Ubuntu, FORTIFY_SOURCE is used when compiling with -O2 or higher. On other Linux distributions (e.g. Fedora or openSUSE) you need to add the compiler flag -D_FORTIFY_SOURCE=2.

Retest of the test program with the script.

The above output of the script shows that the executable was successfully compiled with FORTIFY_SOURCE. Now let's try to overflow the buffer again.

*** buffer overflow detected ***: ./testcase terminated
======= Backtrace: =========
======= Memory map: ========
007d4000-007f0000 r-xp 00000000 08:01 135323     /lib/
007f0000-007f1000 r--p 0001b000 08:01 135323     /lib/
007f1000-007f2000 rw-p 0001c000 08:01 135323     /lib/
0080f000-00829000 r-xp 00000000 08:01 131159     /lib/
00829000-0082a000 r--p 00019000 08:01 131159     /lib/
0082a000-0082b000 rw-p 0001a000 08:01 131159     /lib/
00851000-009a8000 r-xp 00000000 08:01 138119     /lib/
009a8000-009aa000 r--p 00157000 08:01 138119     /lib/
009aa000-009ab000 rw-p 00159000 08:01 138119     /lib/
009ab000-009ae000 rw-p 00000000 00:00 0
00ff9000-00ffa000 r-xp 00000000 00:00 0          [vdso]
08048000-08049000 r-xp 00000000 08:01 658356     /home/tk/testcase
08049000-0804a000 r--p 00000000 08:01 658356     /home/tk/testcase
0804a000-0804b000 rw-p 00001000 08:01 658356     /home/tk/testcase
09e50000-09e71000 rw-p 00000000 00:00 0          [heap]
b779f000-b77a0000 rw-p 00000000 00:00 0
b77ae000-b77b0000 rw-p 00000000 00:00 0
bfb00000-bfb21000 rw-p 00000000 00:00 0          [stack]

This time, the attempt to trigger the buffer overflow was successfully mitigated by FORTIFY_SOURCE.
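
The difference between the two builds above is visible in the executable's imported symbols: a fortified build imports glibc's checked `__*_chk` wrappers (for example `__strcpy_chk`) in place of the plain functions. The following is an added example, not the script's own code, that classifies `readelf -s` output on that basis. The function name `fortify_status`, the `FORTIFIABLE` list and both symbol-table excerpts are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify FORTIFY_SOURCE use from `readelf -s` output.
# Real use: readelf -s --wide ./testcase | fortify_status

# Assumption: a subset of the libc calls glibc can swap for __NAME_chk variants.
FORTIFIABLE='strcpy|strncpy|strcat|memcpy|memmove|memset|sprintf|snprintf|printf|gets'

# Reads a readelf symbol table on stdin and prints one of:
#   yes      only checked (__*_chk) imports found
#   partial  checked and unchecked imports (common: size unknown at compile time)
#   no       only unchecked fortifiable imports
#   n/a      no fortifiable imports at all
fortify_status() {
    awk -v pat="^(${FORTIFIABLE})\$" '
        $7 != "UND" { next }                    # imports only
        { name = $8; sub(/@.*/, "", name) }     # drop @GLIBC_x.y version suffix
        name ~ /^__.*_chk$/ { checked++; next }
        name ~ pat          { plain++ }
        END {
            if (checked && plain) print "partial"
            else if (checked)     print "yes"
            else if (plain)       print "no"
            else                  print "n/a"
        }'
}

# Constructed excerpt: test program built without FORTIFY_SOURCE.
sample_plain() { cat <<'EOF'
   Num:    Value  Size Type    Bind   Vis      Ndx Name
     1: 00000000     0 NOTYPE  WEAK   DEFAULT  UND __gmon_start__
     2: 00000000     0 FUNC    GLOBAL DEFAULT  UND strcpy@GLIBC_2.0 (2)
     3: 00000000     0 FUNC    GLOBAL DEFAULT  UND printf@GLIBC_2.0 (2)
EOF
}

# Constructed excerpt: same program built with FORTIFY_SOURCE.
sample_fortified() { cat <<'EOF'
   Num:    Value  Size Type    Bind   Vis      Ndx Name
     1: 00000000     0 NOTYPE  WEAK   DEFAULT  UND __gmon_start__
     2: 00000000     0 FUNC    GLOBAL DEFAULT  UND __strcpy_chk@GLIBC_2.3.4 (3)
     3: 00000000     0 FUNC    GLOBAL DEFAULT  UND __printf_chk@GLIBC_2.3.4 (3)
EOF
}

for s in sample_plain sample_fortified; do
    printf '%s: %s\n' "$s" "$("$s" | fortify_status)"
done
```

A result of "no" is a hint rather than proof: the compiler only emits a `_chk` call where it can determine the destination size, so a build with FORTIFY_SOURCE enabled can still import only plain functions.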

fortify-proc Usage Example.

With the new option --fortify-proc it is also possible to check running processes for FORTIFY_SOURCE support. The usage of this new option is illustrated in the following figure.

Check running processes for FORTIFY_SOURCE support.