Hi,

It seems that the latest NDK version does not support this, as building a native app using the NDK and shared libs from an Android 4.2 device (i.e. compiled with FORTIFY_SOURCE enabled) fails, mentioning undef references to some of the related functions (e.g. __strlen_chk).

Do you confirm this, and if so, when will there be an Android NDK that is compatible with FORTIFY_SOURCE (I can always replace the original libs of the NDK with those I got from the device, but that's rather a temporary fix)?

Cheers
Hervé

On Sunday, November 18, 2012 7:01:58 PM UTC+1, Jeffrey Walton wrote:
>
> Awesome job. Thanks.
>
> On Sun, Nov 18, 2012 at 10:40 AM, Nick Kralevich <[email protected]> wrote:
> >
> > -D_FORTIFY_SOURCE=1 protections were added in Android in 4.2, and almost all
> > programs on 4.2 are compiled with FORTIFY_SOURCE enabled.
> >
> > Some implementation notes, for those curious:
> >
> > FORTIFY_SOURCE protections are only enabled for applications compiled with
> > gcc. In particular, llvm does not support the gnu_inline function attribute
> > necessary for FORTIFY_SOURCE to work.
> >
> > FORTIFY_SOURCE protections are only enabled on ARM based systems. MIPS and
> > x86 Android systems do not currently have it enabled.
> >
> > The following Android libc functions are fortified:
> >
> > bzero
> > memcpy
> > memmove
> > strcpy
> > strncpy
> > strcat
> > strncat
> > memset
> > strlcpy (not in GLIBC)
> > strlcat (not in GLIBC)
> > strlen (bionic FORTIFY_SOURCE extension. Detect strlen calls on non-null
> > terminated character arrays.)
> > umask (bionic FORTIFY_SOURCE extension. Detect invalid umask calls. For
> > example: umask(777) instead of umask(0777))
> > open
> > openat
> > vsnprintf
> > vsprintf
> > snprintf
> > sprintf
> > fgets
> >
> > FORTIFY_SOURCE was just one of the security hardening measures added in 4.2.
> > A more complete list can be found at
> > http://developer.android.com/about/versions/jelly-bean.html
> >
> > -- Nick
> >
> > On Sun, Nov 18, 2012 at 3:55 AM, Pau Oliva Fora <[email protected]> wrote:
> >>
> >> I believe yes, but not sure if support is completed.
> >>
> >> You can check through the git commits for tag android-4.2_r1 here:
> >>
> >> https://android.googlesource.com/platform/bionic.git/+/android-4.2_r1
> >>
> >> Cheers,
> >>
> >> pof
> >>
> >> On 11/18/2012 11:05 AM, Jeffrey Walton wrote:
> >>>
> >>> Did Android 4.2 add support for FORTIFY_SOURCE=1?
> >>>
> >
> > --
> > Nick Kralevich | Android Security | [email protected] | 650.214.4037
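
Added example, not part of the thread and not bionic's code: a simplified C model of the two bionic-specific checks named in Nick Kralevich's list, strlen on a character array with no terminator and umask(777) written instead of umask(0777). The helper names `checked_strlen` and `umask_arg_ok` are hypothetical, the sample arrays are constructed, and the helpers return a status so the outcome can be inspected.

```c
/* Added illustration: a simplified model, not bionic's implementation. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Constructed sample data. */
static const char terminated[8] = "abc";
static const char unterminated[4] = { 'a', 'b', 'c', 'd' };  /* no NUL byte */

/* Hypothetical helper: a strlen that is told the size of the array `s`
 * points to. Returns the string length, or -1 if there is no terminator
 * inside the array, i.e. a plain strlen would read past its end. */
long checked_strlen(const char *s, size_t obj_size)
{
    const char *nul = memchr(s, '\0', obj_size);
    return nul ? (long)(nul - s) : -1;
}

/* Hypothetical helper: a umask argument may only contain the nine
 * permission bits. Decimal 777 is octal 01411, which sets a bit outside
 * 0777, so the missing leading zero is detectable. */
int umask_arg_ok(mode_t mode)
{
    return (mode & 0777) == mode;
}

int main(void)
{
    printf("terminated:   %ld\n",
           checked_strlen(terminated, sizeof terminated));
    printf("unterminated: %ld\n",
           checked_strlen(unterminated, sizeof unterminated));
    printf("umask(0777) ok: %d\n", umask_arg_ok(0777));
    printf("umask(777)  ok: %d\n", umask_arg_ok(777));
    return 0;
}
```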
