On 4/7/2021 9:28 PM, Peng Yu via Gcc-help wrote:
https://gcc.gnu.org/legacy-ml/gcc-patches/2004-09/msg02055.html When I compile a .c file with -D_FORTIFY_SOURCE=1 and -D_FORTIFY_SOURCE=2, the binary files both contain symbols like ..._chk@... So I can not tell whether _FORTIFY_SOURCE is 1 or 2 just by whether symbols have ..._chk@.... Is there a way to tell the difference only from the binary file?
annobin/annocheck is probably the most likely way to be able to detect this, but I don't know offhand if it can distinguish between the different fortify-source levels. It also (naturally) assumes you've got the annobin plugin installed and that it was enabled when you built your code.
Nick Clifton (nickc@xxxxxxxxxx) is probably the best contact point for understanding annobin/annocheck's capabilities.
jeff
