On Wed, 20 Nov 2013, Dhiru Kholia wrote:
Hi,
We are working on a proposal to enable "-Werror=format-security"
compilation flag for all packages in Fedora.
Once this flag is enabled, GCC will refuse to compile code that could be
vulnerable to a string format security flaw. For more details, please
see https://fedorahosted.org/fesco/ticket/1185 page.
Enabling this option eliminates an entire class of security issues! To
further understand why it is important to fix such bugs, please see
https://fedoraproject.org/wiki/Format-Security-FAQ page.
Currently, around 400 packages FTBFS if this flag is enabled. I am all
set to start filing the bugs (once given the green signal). In addition,
I am willing to help in patching these packages. I believe that this
work is important and will benefit everyone (including upstream and
other distributions).
I am attaching a sample Bugzilla bug report - this is what the actual
bug reports will look like.
I think these reports are misleading, at least in FreeIPA case.
freeipa-3.3.1-2.fc21.src.rpm/build.log:ipa_enrollment.c:320:5: error: format not a string literal and no format arguments [-Werror=format-security]
freeipa-3.3.1-2.fc21.src.rpm/build.log:ipa_enrollment.c:347:9: error: format not a string literal and no format arguments [-Werror=format-security]
freeipa-3.3.1-2.fc21.src.rpm/build.log:ipa_enrollment.c:360:5: error: format not a string literal and no format arguments [-Werror=format-security]
All three cases are dealing with following lines:
LOG("%s", errMesg ? errMesg : "success\n");
LOG("%s", errMesg);
LOG("%s", errMesg);
where LOG macro expands to
slapi_log_error(SLAPI_LOG_PLUGIN, NAME, format, arguments ... );
(SLAPI_LOG_PLUGIN and NAME are constants)
as you can see, in all these cases format *is* a string literal and
there are exact format arguments passed.
--
/ Alexander Bokovoy
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
