I have been adding some "compilation flags" to activate security measures in my binary. And then I check that the measures are implemented using the checksec tool. I have been able to activate all of them except for FORTIFY .
I keep geting
FORTIFY = No, Fortified = 0, Fortifiable = 4
as output from checksec even after compiling with -D_FORTIFY_SOURCE=2
I have to say that I use a common CMakeLists.txt for many binaries and I added the -D_FORTIFY_SOURCE=2 in the global add_compile_options section.
For all the other generated binaries the macro has the expected behavior, that is, the other binaries get "fortified".
I am using gcc 9.3.0 , my application is written in c++17 and I compile with -O2 .
Does someone have an idea why my binary is not getting fortified?
Thanks in advance.
Fortification done by checksec script is done heuristically: by grepping for _chk
symbols in output of readelf --dyn-syms
. So it will only be able to detect fortification if
memset
, memcpy
, etc.)__OPTIMIZE__
is defined and greater than zero)gimple_fold_builtin_memory_chk
ingimple-fold.c ) To identify the exact cause of your particular case we'll need an MVCE .
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.