Is there an external library/approach/whatever to add

- canary protection (stack-protector equivalent)
- extra buffer boundary check (fortify source equivalent)

to C software without using glibc / gcc (stack-protector/fortify source) built-in functionality?

Stack protector has nothing to do with glibc; you just have to provide the symbol `__stack_chk_fail` which will be called by the canary checking code generated by GCC. (If you're generating position-independent code, you also need `__stack_chk_fail_local` which has hidden visibility and thus can be called without the GOT pointer being initialized.) You also need to make sure the canary storage is available and initialized; depending on the architecture/ABI you're using, this may be in a global named `__stack_chk_guard` or at a particular fixed offset from the thread pointer (`%gs:0` on x86).

As for `_FORTIFY_SOURCE`, you can reproduce the equivalent with GCC builtins similar to how glibc's headers do it. This could be done as an independent layer separate from the libc headers, via GCC's `#include_next` feature and a secondary include directory wrapping the standard headers, with no dependency on the particular libc implementation in use. As far as I know, no such implementation presently exists, but we very much want one for use with musl libc. You could try reaching out to our development team/community and see if anyone's interested in helping you work on it or prioritizing development of such headers.
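
The builtin-based checking layer described in the answer above, as an added example (not part of the original answer and not code from glibc or musl): two checked copy routines that take the destination size from `__builtin_object_size`. The `fortify_*` names and the `fortify_trap_on_fail` switch are assumptions made for this example; in a wrapper header placed in a secondary include directory, the plain `#include <string.h>` would be `#include_next <string.h>`.

```c
#include <stddef.h>
#include <string.h>   /* in a wrapper header: #include_next <string.h> */

/* Assumed for this example: a switch so the failure path can be exercised
 * without killing the process. Leave it at 1 in real builds. */
static int fortify_trap_on_fail = 1;
static unsigned fortify_failures;

static inline void fortify_fail(void)
{
    fortify_failures++;
    if (fortify_trap_on_fail)
        __builtin_trap();       /* no libc dependency, unlike abort() */
}

/* dstsize is (size_t)-1 when the compiler cannot determine the size of
 * the destination object, so unknown sizes always pass the check. */
static inline void *fortify_memcpy_chk(void *dst, const void *src,
                                       size_t n, size_t dstsize)
{
    if (n > dstsize) {
        fortify_fail();
        return NULL;            /* reached only when trapping is disabled */
    }
    return __builtin_memcpy(dst, src, n);
}

static inline char *fortify_strcpy_chk(char *dst, const char *src,
                                       size_t dstsize)
{
    size_t need = __builtin_strlen(src) + 1;    /* include the NUL */
    if (need > dstsize) {
        fortify_fail();
        return NULL;
    }
    __builtin_memcpy(dst, src, need);
    return dst;
}

/* What the wrapper header would map memcpy()/strcpy() onto. */
#define fortify_memcpy(dst, src, n) \
    fortify_memcpy_chk((dst), (src), (n), __builtin_object_size((dst), 0))
#define fortify_strcpy(dst, src) \
    fortify_strcpy_chk((dst), (src), __builtin_object_size((dst), 0))

int main(void)
{
    char buf[8];
    /* 3 bytes into an 8-byte object: passes the check and is copied */
    return fortify_strcpy(buf, "ok") == buf ? 0 : 1;
}
```

The check only fires when the compiler can see the destination object; a pointer of unknown provenance yields `(size_t)-1` and the copy proceeds unchecked.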