----- Original Message -----
> From: "Ralf Corsepius" <rc040203@xxxxxxxxxx>
> To: devel@xxxxxxxxxxxxxxxxxxxxxxx
> Sent: Thursday, December 5, 2013 7:11:19 PM
> Subject: Re: FTBFS if "-Werror=format-security" flag is used
>
> On 12/05/2013 06:38 PM, Michael scherer wrote:
> > On Wed, Dec 04, 2013 at 08:25:54PM -0600, mrnuke wrote:
> >> On 12/04/2013 12:10 PM, Brendan Jones wrote:
> >>>
> >>> This is just a pain. Can someone explain to me why this is good?
> >>>
> >> Good or not, this is not the right question to ask.
> >>
> >> * Is this necessary, and are the benefits worth the pains? *
> >>
> >> This change is Sofa King stupid. Why couldn't we have just enabled the
> >> warning without turning it into an error, THEN let packagers work with
> >> upstream in fixing those warnings? Regulate, not ban.
> > Exactly.
>
> IMO, the appropriate step would be to add -Wformat-security
> (Note: -W, not -Werror) to %optflags to draw the maintainers' attention
> to it and then be done with it.
>
> > Because packagers will just ignore it like some currently ignore rpmlint
> > or various checks, and in turn this just produces noise for anyone looking
> > to see if something needs to be fixed or not.
>
> Would you mind explaining why you guys are putting such an emphasis on
> -Wformat-security?

Some possible ways to look at it:

* because when all reported packages are patched, it would remove one whole class of security flaws,
* simultaneously it ensures that new occurrences of the same problem won't be introduced again when adding new code (as is a problem for many other kinds of security flaws). If such a part were added, the source would just stop building successfully,
* it would protect / keep an eye on both the vanilla upstream source and also the custom patches included in / provided by Fedora maintainers,
* common users building locally could get informed in a more obvious way right away,
..

> Sure, there are some serious cases, but ... there are many more
> further spread issues in C/C++-sources which people have been ignoring
> ever since Fedora and RH Linux distros exist.

If we did (as you said), it shouldn't be used as an excuse / argument for continuing to do so. Besides that, there have been many protection mechanisms implemented during the years (security flaws and ways to exploit them are evolving too, together with code and products). So it wouldn't be wise to stay away from implementing them just because "it's too much work."

> IMO, -Wformat-security is almost negligible in comparison to these and you
> are making way more noise about it than it deserves.

http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=format+string [*]

And those are just the analysed ones (someone took the time to show they are exploitable). Are we really waiting for someone to go through the list of packages having these issues, and find a case which would "attract more interest"? If so, that's a sad approach / sad to hear.

> > Let's rather ask the contrary, why is this so much an issue to communicate
> > with upstream to fix things, and add patches ?
> > This is not an issue for Debian and Ubuntu,
> Do these distros meanwhile have consistent CFLAGS? Last time I checked
> (ca. a year ago) no such thing existed in Debian or Ubuntu packages.
>
> > this was not for Mandriva and Mageia
> > when similar changes were enforced and usually, most upstreams are
> > receptive,
> > so I really fail to see why there are people complaining.
> With all due respect to these distros, but does this really need to be
> explained?
>
> Ralf

Regards, Jan.

--
Jan iankko Lieskovsky / Red Hat Security Technologies Team

[*] Aware that those also cover packages / code not shipped within Fedora.
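The pattern this thread is arguing about, shown as an added illustration that is not code from the mailing-list discussion, Fedora's packaging macros, or any package named above: the single form the compiler rejects under `-Werror=format-security` (a non-literal format string with no further arguments, here kept behind `SHOW_UNSAFE` so the file builds by default), the idiomatic package fix (untrusted text becomes a `%s` argument and is never the format), and the caveat maintainers hit when patching: an in-tree logging wrapper only gets checked at its call sites if it carries GCC's `format` attribute. File and function names (`fmt_security.c`, `count_directives`, `format_message`, `log_line`, `safe_roundtrip_ok`) and the sample input are my own constructions; `__attribute__((format(printf, ...)))` is the real GCC/Clang attribute. Note that `-Wformat-security` only has an effect when `-Wformat` is also enabled, which `-Wall` in `%optflags` provides.

```c
/*
 * fmt_security.c: what -Wformat-security catches, and how a package fix
 * usually looks.  Added illustration, not code from the thread.
 *
 * Build with the flags the thread argues about:
 *   gcc -Wall -Wformat -Werror=format-security fmt_security.c -o fmt_security
 * Add -DSHOW_UNSAFE to watch the rejected pattern turn into a build failure
 * (the FTBFS in the subject line).
 */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Tell the compiler which argument is the format string, so the check
 * propagates through our own wrapper instead of stopping at printf(). */
#if defined(__GNUC__)
#define PRINTF_LIKE(fmt_idx, first_arg) \
    __attribute__((format(printf, fmt_idx, first_arg)))
#else
#define PRINTF_LIKE(fmt_idx, first_arg)
#endif

/* Count conversion directives in a string: every '%' that is not the
 * literal escape "%%".  This is how much of an untrusted string the C
 * library would interpret as instructions if it were ever used as a format. */
int count_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {      /* "%%" is just a literal percent sign */
            s++;
            continue;
        }
        n++;
    }
    return n;
}

/* The fix for the warning: untrusted text is always *data* for a fixed
 * "%s" format, never the format itself.  Returns snprintf()'s result (the
 * number of characters that would have been written) so callers can
 * detect truncation. */
int format_message(char *out, size_t outsz, const char *untrusted)
{
    return snprintf(out, outsz, "%s", untrusted);
}

/* A typical in-tree logging wrapper.  Without PRINTF_LIKE the compiler
 * cannot see that log_line()'s third argument is a format, and a caller
 * writing log_line(buf, n, untrusted) would pass the check unnoticed. */
int log_line(char *out, size_t outsz, const char *fmt, ...) PRINTF_LIKE(3, 4);

int log_line(char *out, size_t outsz, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outsz, fmt, ap);
    va_end(ap);
    return n;
}

/* Self-check used by main(): a '%' inside untrusted input must come out as
 * a literal character, never be consumed as a directive.  Returns 1 on
 * success, 0 otherwise. */
int safe_roundtrip_ok(const char *untrusted)
{
    char buf[256];
    int n = format_message(buf, sizeof buf, untrusted);
    return n >= 0 && (size_t)n < sizeof buf && strcmp(buf, untrusted) == 0;
}

#ifdef SHOW_UNSAFE
/* The pattern -Werror=format-security refuses to compile: a non-literal
 * format string with no further arguments.  With -Wformat-security alone
 * this is only a warning, which is the distinction the thread is about. */
void log_unsafe(const char *untrusted)
{
    printf(untrusted);
}
#endif

int main(void)
{
    /* Constructed sample: user-supplied text that happens to contain '%'. */
    const char *input = "progress: 100%x done";
    char buf[128];

    printf("directives hidden in input: %d\n", count_directives(input));
    printf("roundtrip preserved input:  %d\n", safe_roundtrip_ok(input));
    log_line(buf, sizeof buf, "[%s] %s", "info", input);
    printf("wrapper output:             %s\n", buf);
    return 0;
}
```

Compiling with `-DSHOW_UNSAFE` and `-Werror=format-security` stops at `log_unsafe`; dropping the `-Werror=` prefix demotes it to the warning Ralf proposes. The `PRINTF_LIKE` declaration is the part most often missing in package patches: once it is present, the same flags also check every call to `log_line`, which is the "new occurrences won't be introduced" property Jan describes.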
> >
> --
> devel mailing list
> devel@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/devel
> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct