Nmap Development mailing list archives

_FORTIFY_SOURCE=2
From: David Fifield <david () bamsoftware com>
Date: Thu, 22 Jan 2009 14:38:42 -0700

On Sun, Jan 04, 2009 at 07:49:18PM -0800, Fyodor wrote:
> On Sat, Jan 03, 2009 at 10:39:49AM +0000, doug () hcsw org wrote:
> > For anyone not familiar with this error message, it is from a fairly
> > recent addition to gcc called _FORTIFY_SOURCE. Kris observed this
> > error because Ubuntu enables _FORTIFY_SOURCE=2 by default on all
> > gcc compiles, unlike many other linux distros.
>
> Sounds like a great feature!  Anyone want to make a patch so that Nmap
> always uses this when available?  It would be good for security, and
> may help us identify bugs which might otherwise go unnoticed (as we
> saw in this case).  Ideally it would cover PCRE and OpenSSL too.

I defined _FORTIFY_SOURCE=2 in nmap, nbase, ncat, and nsock. A few test
scans didn't show anything obviously failing. I think I'll be able to
test speed in an upcoming nmap-perf benchmark.

This feature is undocumented to a surprising degree. The best web page
I found is the one Doug linked, a mailing list post from 2004:
http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html
It adds extra security checks in the source code, looking for things
like ignoring return values that shouldn't be ignored, and overflowing a
buffer with a strcpy. Some checks happen at compile time and others
happen at run time. _FORTIFY_SOURCE=1 is not supposed to cause any
"conforming" program to fail. _FORTIFY_SOURCE=2 adds more checks on top
of that.

To get an idea of the kinds of source code changes effected, try
        g++ -E -Ilibdnet-stripped/include -Inbase -Insock/include -O2 -DHAVE_CONFIG_H nmap.cc > nmap-fortify-0.E
        g++ -E -Ilibdnet-stripped/include -Inbase -Insock/include -O2 -DHAVE_CONFIG_H -D_FORTIFY_SOURCE=2 nmap.cc > nmap-fortify-2.E
        diff -u nmap-fortify-0.E nmap-fortify-2.E

This change created two new compiler warnings, which I'll check out:

nbase_rnd.c: In function ‘nrand_init’:
nbase_rnd.c:195: warning: ignoring return value of ‘read’, declared with attribute warn_unused_result

tcpip.cc: In function ‘sys_route* getsysroutes_proc(FILE*, int*)’:
tcpip.cc:3022: warning: ignoring return value of ‘char* fgets(char*, int, FILE*)’, declared with attribute warn_unused_result

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
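The two warn_unused_result warnings in the message above share one root cause: the caller assumes that read() and fgets() delivered what was asked for. The checking pattern that clears both, as an added example that is not Nmap code (read_full, read_line and demo_read_full are hypothetical names, and the pipe fixture is constructed for the demo), with the same attribute applied so that the helper's own callers are warned in turn:

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* read() may return fewer bytes than asked (pipes, sockets, /dev/random), so
 * loop until len bytes arrive: 0 on success, -1 on error or early EOF.
 * warn_unused_result is the attribute glibc puts on read() and fgets() under
 * _FORTIFY_SOURCE; callers that drop this helper's result get the same warning. */
__attribute__((warn_unused_result)) int read_full(int fd, void *buf, size_t len)
{
    for (unsigned char *p = buf; len > 0; ) {
        ssize_t n = read(fd, p, len);
        if (n < 0 && errno == EINTR)
            continue;               /* interrupted by a signal: retry */
        if (n <= 0)
            return -1;              /* error, or EOF before len bytes */
        p += n;
        len -= (size_t) n;
    }
    return 0;
}

/* fgets() returns NULL on EOF or error; report that instead of letting a
 * parser act on stale bytes left in buf by the previous call. */
__attribute__((warn_unused_result)) int read_line(FILE *fp, char *buf, size_t size)
{
    if (fgets(buf, (int) size, fp) == NULL)
        return -1;
    buf[strcspn(buf, "\n")] = '\0'; /* drop the trailing newline */
    return 0;
}

/* Constructed fixture: a pipe holding 8 bytes, then EOF; returns the result
 * of read_full() when asked for want bytes (at most 64). */
int demo_read_full(size_t want)
{
    int fds[2];
    unsigned char buf[64];
    if (want > sizeof buf || pipe(fds) != 0 || write(fds[1], "12345678", 8) != 8)
        return -2;
    close(fds[1]);
    int rc = read_full(fds[0], buf, want);
    close(fds[0]);
    return rc;
}
```

Asking the fixture for 16 bytes when only 8 exist makes read_full() report -1, which is the short read a bare read() call silently hides.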