Home
QNX Software Development Platform
QNX SDP is a cross-compiling and debugging environment, including an IDE and command-line tools, for building binary images and programs for target boards running the QNX OS 8.0.
System Security Guide
The QNX System Security Guide is intended for both system integrators who are responsible for the security of a QNX OS system and developers who want to create a QNX OS resource manager free from vulnerabilities.
Security for Developers
A security checklist for developers

QNX Momentics IDE User's Guide
This User's Guide describes version 8.0 of the Integrated Development Environment (IDE) that's part of the QNX Tool Suite.
QNX Software Development Platform
QNX SDP is a cross-compiling and debugging environment, including an IDE and command-line tools, for building binary images and programs for target boards running the QNX OS 8.0.
- Quickstart Guide
- System Architecture
  The System Architecture guide accompanies the QNX OS and is intended for both application developers and end-users.
- OS Components & Operations
- Graphics
- Programming
- System Security Guide
  The QNX System Security Guide is intended for both system integrators who are responsible for the security of a QNX OS system and developers who want to create a QNX OS resource manager free from vulnerabilities.
  - Security Features Overview
  - Security for Developers
    - A security checklist for developers
    - Security policies
      Security policies can make some aspects of security much easier for a developer.
    - Stack protection
      Stack canaries provide protection against stack buffer overflow on stack-allocated variables, which prevents program misbehaviours.
    - RELRO
    - Compiler defenses
    - Address space layout randomization (ASLR)
      Address space layout randomization varies the location of data and instructions each time an executable is loaded.
    - Fortified system functions
      QNX OS fortified system functions are designed to detect out-of-bounds memory accesses by performing lightweight parameter validation at compile-time, runtime, or both.
    - Cryptography for developers
      QNX OS offers developers many alternatives for cryptography functions.
    - Random number generation
    - Permission checking
    - Hypervisor security
      Because the QNX hypervisor is built as an extension of the QNX OS microkernel, it inherits the security features of the microkernel itself as well as the secure execution environment the microkernel creates. It also has additional layers that are purpose built for secure virtual machine operation.
    - Writing a resource manager
      The information in this section is designed to help you create a QNX OS resource manager that does not contain vulnerabilities. It focuses on properly checking both permissions and the length and content of resource manager messages.
  - Security for System Integrators
  - Abilities
  - Security Policies
    Although QNX OS allows a process to set which operations it is permitted to do, a better option is to use the system’s security policies functionality.
  - Fortified System Functions
  - Pathtrust
    The pathtrust feature prevents processes from executing untrusted code. If a process is compromised, pathtrust mitigates the threat of the system being further compromised by an attacker using chained-together exploits.
  - Using mkqnximage to Display Security Features
  - Abilities Reference
  - Security Matrix
    The following table describes security problems and cyberattacks and the QNX OS security features that can mitigate them.
- Utilities & Libraries
- Migrating to QNX OS 8.0
QNX Software in the Cloud
QNX Software in the Cloud enables developers to use the QNX software in Amazon Web Services (AWS) and Microsoft Azure (Azure).
QNX Toolkit for Visual Studio Code
This User's Guide describes the QNX^® Toolkit for Visual Studio Code. The guide introduces you to the QNX Toolkit by explaining the QNX development environment and how to build, run, and debug your QNX^® Operating System (OS) applications and systems.
QNX Hypervisor and QNX Hypervisor for Safety
The QNX Hypervisor and QNX Hypervisor for Safety products allow you to run multiple OSs on a target system so you can separate critical and non-critical functions, support a wide variety of applications, and reduce hardware costs.
Typographical Conventions, Support, and Licensing
This section describes the typographical conventions used throughout the documentation, explains how to obtain technical support, and provides some information about licensing.

A security checklist for developers

QNX SDP8.0QNX OS System Security GuideAPIConfiguration

Follow these recommendations when you develop and compile applications to help create a secure QNX OS system:


Recommendation	More information
Use the security policy library (libsecpol) APIs to manage an application's privileges. These APIs make it easy for a process to control its own privileges as well as those of any child processes.	Security policies
Use secpol_transition_type() to configure your application to drop unneeded privileges after initialization.	Initialization
Enable stack canaries to protect against stack buffer overflow on stack-allocated variables and other threats.	Stack protection
Enable the RELRO (Relocation Read-Only) compiler option to mark the relocation sections of an executable as read-only.	RELRO
Use compiler options to enable security features, generate warnings, and additional verification.	Compiler defenses
Enable the use of fortified system functions, which are designed to detect out-of-bounds memory accesses.	Fortified system functions
For random number generation, use the QNX OS random service (instead of libc random number functions).	Random number generation
When you design and implement resource managers: Implement proper length checking (to prevent buffer overflows) and permission checking. To allow the system security policy to control ownership and permissions, use secpol_resmgr_attach(), not resmgr_attach(). This configuration gives the system integrator control of resource manager mount points, not just the ability verify their ownership and permissions.	Writing a resource manager

In addition to detailed discussions of and instructions for features in this essentials list, this chapter provides information on additional features that can add additional security or that apply only in specific environments.

Page updated: March 25, 2026