3
I have been adding some "compilation flags" to activate security measures in my binary. And then I check that the measures are implemented using the checksec tool. I have been able to activate all of them except for FORTIFY.
I keep geting
RELRO STACK CANARY NX PIE RPATH RUNPATH Symbols FORTIFY Fortified Fortifiable FILE
Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH 260 Symbols No 0 7
* FORTIFY_SOURCE support available (libc) : Yes
* Binary compiled with FORTIFY_SOURCE support: No
------ EXECUTABLE-FILE ------- . -------- LIBC --------
Fortifiable library functions | Checked function names
-------------------------------------------------------
fgets | __fgets_chk
memcpy | __memcpy_chk
memset | __memset_chk
recvfrom | __recvfrom_chk
snprintf | __snprintf_chk
strncpy | __strncpy_chk
vsnprintf | __vsnprintf_chk
SUMMARY:
* Number of checked functions in libc : 79
* Total number of library functions in the executable: 179
* Number of Fortifiable functions in the executable : 7
* Number of checked functions in the executable : 0
* Number of unchecked functions in the executable : 7
as output from checksec even after compiling with -D_FORTIFY_SOURCE=2 -O2
I have to say that I use "CONFIG_PKG_FORTIFY_SOURCE_2=y" added the -D_FORTIFY_SOURCE=2 in the global options section.
For all the other generated binaries the macro has the expected behavior, that is, the other binaries get "fortified".
arm-openwrt-linux-muslgnueabi-gcc -O2 -pipe -fno-caller-saves -fno-plt -fhonour-copts -DPIC -fpic -fstack-protector-all -D_FORTIFY_SOURCE=2 -Wl,-z,now -Wl,-z,relro
Does someone have an idea why my binary is not getting fortified?
Thanks in advance.