Open jkavanaghdeluxe opened 2 months ago
@nmilcoff is this project being maintained? If so, are fortified functions already being used or is that work planned?
Hi @jkavanaghdeluxe, unfortunately I have moved on to a different stack (outside of dotnet), so this project is unfortunately unmaintained at this point.
@nmilcoff Thanks for the response.
We have received a report of potential vulnerabilities in the BreachDetector solution as listed below:
Risk Value - M3

Issue Description - Missing Fortified Functions

Details - This finding is for Android. The shared object does not have any fortified functions. Fortified functions provide buffer overflow checks against glibc's common insecure functions like strcpy, gets etc. The affected libraries are:

- armeabi-v7a/libtool-checker.so
- armeabi-v7a/libanti.so
- arm64-v8a/libtool-checker.so
- arm64-v8a/libanti.so

Recommendation - Use the compiler option -D_FORTIFY_SOURCE=2 to fortify functions
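
One way to check a finding like this against a rebuilt library is to look at the libc symbols it imports, since fortified calls are linked as `__<name>_chk` variants (for example `__strcpy_chk`). The sketch below is an added example, not part of the original thread or the BreachDetector project; it assumes GNU-style `nm -D` text as input, and the two symbol listings are constructed samples, not output from the libraries named in the report.

```python
import re

# Subset of libc functions that have a fortified "__<name>_chk" counterpart.
FORTIFIABLE = {"strcpy", "strncpy", "strcat", "strncat", "memcpy", "memmove",
               "memset", "sprintf", "snprintf", "vsprintf", "vsnprintf"}
# One line of `nm -D` output: optional address, type letter, symbol name.
SYMBOL_RE = re.compile(r"^\s*(?:[0-9a-fA-F]+\s+)?([A-Za-z])\s+(\S+)\s*$")

# Constructed samples (hypothetical symbol tables, for illustration only).
SAMPLE_PLAIN = """\
                 U __cxa_finalize@LIBC
                 U __stack_chk_fail@LIBC
                 U strcpy@LIBC
                 U memcpy@LIBC
0000000000001a40 T Java_example_check
"""
SAMPLE_FORTIFIED = """\
                 U __cxa_finalize@LIBC
                 U __strcpy_chk@LIBC
                 U __memcpy_chk@LIBC
                 U memcpy@LIBC
0000000000001a40 T Java_example_check
"""

def classify_imports(nm_output):
    """Return (fortified, unfortified) sets of imported libc symbol names."""
    fortified, unfortified = set(), set()
    for line in nm_output.splitlines():
        m = SYMBOL_RE.match(line)
        if not m or m.group(1) != "U":
            continue  # only undefined (imported) symbols are relevant
        name = m.group(2).split("@", 1)[0]  # drop the symbol version suffix
        if name.startswith("__") and name.endswith("_chk"):
            fortified.add(name)
        elif name in FORTIFIABLE:
            unfortified.add(name)
    return fortified, unfortified

def verdict(nm_output):
    """Summarise a library the way a 'missing fortified functions' check would."""
    fortified, unfortified = classify_imports(nm_output)
    if fortified:
        return "partially fortified" if unfortified else "fortified"
    return "not fortified" if unfortified else "no fortifiable calls"

if __name__ == "__main__":
    for label, text in (("plain", SAMPLE_PLAIN), ("fortified", SAMPLE_FORTIFIED)):
        print(label, "->", verdict(text), classify_imports(text))
```

A "partially fortified" result is expected even with `-D_FORTIFY_SOURCE=2`, because the compiler only substitutes the checked variant where it can determine the destination buffer size at compile time.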