Home
QNX Software Development Platform
QNX SDP is a cross-compiling and debugging environment, including an IDE and command-line tools, for building binary images and programs for target boards running the QNX OS 8.0.
System Security Guide
The QNX System Security Guide is intended for both system integrators who are responsible for the security of a QNX OS system and developers who want to create a QNX OS resource manager free from vulnerabilities.
Security Features for Developers
Compiler defenses
ASan and UBSan
The compiler builds the ASan and UBSan features into the executables. An environment variable optionally controls these features.

QNX Momentics IDE User's Guide
This User's Guide describes version 8.0 of the Integrated Development Environment (IDE) that's part of the QNX Tool Suite.
QNX Software Development Platform
QNX SDP is a cross-compiling and debugging environment, including an IDE and command-line tools, for building binary images and programs for target boards running the QNX OS 8.0.
- Quickstart Guide
- System Architecture
  The System Architecture guide accompanies the QNX OS and is intended for both application developers and end-users.
- OS Components & Operations
- Graphics
- Programming
- System Security Guide
  The QNX System Security Guide is intended for both system integrators who are responsible for the security of a QNX OS system and developers who want to create a QNX OS resource manager free from vulnerabilities.
  - Security Matrix
    The following table describes security problems and cyberattacks and the QNX OS security features that can mitigate them.
  - Security Features Overview
  - Security Features for Developers
    - Security policies
      Security policies can make some aspects of security much easier for a developer.
    - Stack protection
      Stack cookies provide protection against stack buffer overflow on stack-allocated variables, which prevents program misbehaviours.
    - RELRO
    - Compiler defenses
      - ASan and UBSan
        The compiler builds the ASan and UBSan features into the executables. An environment variable optionally controls these features.
    - Address space layout randomization (ASLR)
      Address space layout randomization varies the location of data and instructions each time an executable is loaded.
    - Fortified system functions
      QNX OS fortified system functions are designed to detect out-of-bounds memory accesses by performing lightweight parameter validation at compile-time, runtime, or both.
    - Cryptography for developers
      QNX OS offers developers many alternatives for cryptography functions.
    - Random number generation
    - Permission checking
    - Hypervisor security
      Because the QNX hypervisor is built as an extension of the QNX OS microkernel, it inherits the security features of the microkernel itself as well as the secure execution environment the microkernel creates. It also has additional layers that are purpose built for secure virtual machine operation.
    - Writing a resource manager
      The information in this section is designed to help you create a QNX OS resource manager that does not contain vulnerabilities. It focuses on properly checking both permissions and the length and content of resource manager messages.
  - Security Features for System Integrators
  - Security Policies
  - Fortified System Functions
  - QNX Cryptography Library
    The QNX cryptography library (qcrypto library) is a generic cryptographic shim layer that provides a consistent API to the various cryptographic primitives offered by third-party libraries.
  - The devcrypto service
    The devcrypto service is a legacy system driver interface and is mainly provided for backwards compatibility.
  - Pathtrust
    The pathtrust feature prevents processes from executing untrusted code. If a process is compromised, pathtrust mitigates the threat of the system being further compromised by an attacker using chained-together exploits.
  - PAM
    Systems that need authentication can use pluggable authentication module (PAM), a configurable standard library.
  - Using mkqnximage to Display Security Features
- Utilities & Libraries
- Migrating to QNX OS 8.0
QNX Software in the Cloud
QNX Software in the Cloud enables developers to use the QNX OS in the Amazon cloud environment.
QNX Toolkit for Visual Studio Code
This User's Guide describes the QNX^® Toolkit for Visual Studio Code. The guide introduces you to the QNX Toolkit by explaining the QNX development environment and how to build, run, and debug your QNX^® Operating System (OS) applications and systems.
QNX Hypervisor User's Guide
This User's Guide explains the QNX hypervisor architecture and provides instructions for installing and running a QNX Hypervisor system, changing system components and configuration, and using hypervisor features such as virtual devices (vdevs).
Typographical Conventions, Support, and Licensing
This section describes the typographical conventions used throughout the documentation, explains how to obtain technical support, and provides some information about licensing.

ASan and UBSan

QNX SDP8.0QNX OS System Security GuideAPIConfiguration

The compiler builds the ASan and UBSan features into the executables. An environment variable optionally controls these features.

ASan

Address Sanitizer (ASan) is a memory error detector for C/C++.

When you enable the ASan feature, the compiler adds code to the program to implement address sanitization. You can then build the binary with the -fsanitize=address option (refer to Recommended compiler verification options). The program relies on the libasan.so library, which links automatically, for the target-dependent functionality.

Note:

The target runtime part of the GCC sanitizer suite (libasan) is a compiler feature. It sanitizes the code at build and run time.

The ASAN_OPTIONS environment variable passes most of the runtime flags to the Address Sanitizer. For more information on runtime and other flags, refer to the AddressSanitizer project documentation at: https://github.com/google/sanitizers/wiki/AddressSanitizerFlags.

UBSan

Undefined Behavior Sanitizer (UBSan) is a fast, undefined-behavior detector.

UBSan modifies the program at compile time to catch undefined behavior during the execution of a program. For details about current checks, refer to the Clang Compiler documentation for UBSan at: https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html#ubsan-checks.

To suppress the UBSan error reports for specific files, functions, or libraries, without recompiling the code, pass its path in a UBSAN_OPTIONS environment variable.

When you use the qcc option to compile and link the program with the -fsanitize=undefined flag, the executable links with the proper UBSan runtime library (libubsan.so).

Page updated: March 05, 2025