List of software quality issues with the number of affected components.
category ALL
Policies
Info
Count
Category
Detected Linux executable files compiled without any kind of buffer overrun protection while using banned memory functions.
Causes risk: misconfigured toolchains detected
1
hardening
Problem
Buffer overrun protection on Linux is achieved in two ways. The most common solution is to use the stack canary (also called cookie). The stack canary is a special value written onto the stack that allows the operating system to detect and terminate the program if a stack overrun occurs. In most cases, compilers will apply the stack canary conservatively in order to avoid a negative performance impact. Therefore, stack canaries are often used together with another stack overrun mitigation - fortified functions. Fortified functions are usually wrappers around standard glibc functions (such as memcpy) which perform boundary checks either at compile time or run time to determine if a memory violation has occurred. The compiler needs additional context to generate such calls (for example, array size that needs to be known at compile time). Because of this, the compiler will virtually never substitute all viable functions with their fortified counterparts in complex programs. However, when combined with the stack canary, fortified functions provide a good measure of buffer overrun protection.Prevalence in npm community
0 packages
found in
Top 100
1 packages
found in
Top 1k
84 packages
found in
Top 10k
11078 packages
in community
Next steps
Presence of unfortified memory functions may indicate use of unsafe programming practices, and you should avoid it if possible.
In GCC, enable fortified functions with -fstack-protector and -D_FORTIFY_SOURCE=2 flag, while using at least -O1 optimization level.
Detected Linux executable files compiled without any kind of buffer overrun protection while using banned input functions.
Causes risk: misconfigured toolchains detected
1
hardening
Problem
Buffer overrun protection on Linux is achieved in two ways. The most common solution is to use the stack canary (also called cookie). The stack canary is a special value written onto the stack that allows the operating system to detect and terminate the program if a stack overrun occurs. In most cases, compilers will apply the stack canary conservatively in order to avoid a negative performance impact. Therefore, stack canaries are often used together with another stack overrun mitigation - fortified functions. Fortified functions are usually wrappers around standard glibc functions (such as memcpy) which perform boundary checks either at compile time or run time to determine if a memory violation has occurred. The compiler needs additional context to generate such calls (for example, array size that needs to be known at compile time). Because of this, the compiler will virtually never substitute all viable functions with their fortified counterparts in complex programs. However, when combined with the stack canary, fortified functions provide a good measure of buffer overrun protection.Prevalence in npm community
0 packages
found in
Top 100
1 packages
found in
Top 1k
71 packages
found in
Top 10k
9294 packages
in community
Next steps
Presence of some input functions may indicate use of unsafe programming practices, and you should avoid it if possible.
In GCC, enable fortified functions with -fstack-protector and -D_FORTIFY_SOURCE=2 flag, while using at least -O1 optimization level.