On Mon, Mar 11, 2019 at 01:56:14PM -0400, Ben Cotton wrote:
> https://fedoraproject.org/wiki/Changes/HardenedCompiler
>
> == Summary ==
> By default enable a few security hardening flags which are used with GCC.
>
> == Owner ==
> * Name: [[User:huzaifas|Huzaifa Sidhpurwala]]
> * Email: huzaifas@xxxxxxxxxx
> * Release notes owner: huzaifas@xxxxxxxxxx
>
>
> == Detailed Description ==
> Currently GCC does not enable any security hardening flags by default.
> They have to be explicitly enabled by the developers one-by-one.
> Ubuntu (https://wiki.ubuntu.com/ToolChain/CompilerFlags) however
> enables them and therefore has a hardened compiler by default. Each of
> these options can be explicitly disabled if required by the developer
> via a GCC command line flag. I am currently proposing the following
> flags be enabled by default.
>
> '''-Wformat -Wformat-security -fstack-protector-strong
> --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -O'''
>
> | 1 || -Wformat || Check calls to "printf" and "scanf", etc., to make
> sure that the arguments supplied have types appropriate to the format
> string specified, and that the conversions specified in the format
> string make sense. || -Wno-format
> |-
> | 2 || -Wformat-security || If -Wformat is specified, also warn about
> uses of format functions that represent possible security problems.
> || -Wno-format should disable this as well

These two are very valuable warnings. If a C application's existing build
process has not already enabled them by default, I would expect they'll
trigger a great number of warnings.

We're not using -Werror in Fedora though, so these will not cause a build
failure. Are we expecting Fedora maintainers to read the build logs & look
for these new warnings & report them upstream for fixing? I'm sceptical
that many maintainers are going to put effort into that kind of thing if
it isn't blocking their builds. IOW what is the real benefit of enabling
them?
Emitting more warnings doesn't make Fedora more secure as the change
claims. To be more secure would require using -Werror=format-security
which would be a harder sell as a default policy for Fedora.

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|
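The warning-versus-error distinction the reply turns on can be seen directly on the command line. The script below is an added example, not part of the thread or of the Fedora Change page: it writes a small constructed C file containing the pattern -Wformat-security exists to catch (a caller-supplied format string passed to printf with no arguments), then compiles it under the proposed `-Wformat -Wformat-security`, under `-Wformat -Werror=format-security`, and with the `-Wno-format` opt-out the proposal's table mentions, reporting for each whether the build succeeded and how many format-string diagnostics gcc printed. It assumes gcc is on PATH; the temporary directory, file name and function names are arbitrary.

```shell
#!/bin/sh
# Added example, not from the thread: show what each flag set does to a build
# that contains a non-literal format string. Assumes gcc is on PATH; the
# temporary file name and the C source below are constructed for this demo.

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed test input: one CWE-134 style call (format string taken from
# the caller, no format arguments) next to its fixed form.
cat > "$WORK/fmt.c" <<'EOF'
#include <stdio.h>

/* What -Wformat-security diagnoses: caller-controlled format, no arguments. */
void log_unsafe(const char *msg) { printf(msg); }

/* Fixed form: literal format string, the data is passed as an argument. */
void log_safe(const char *msg) { printf("%s", msg); }
EOF

# Compile fmt.c with the given flags. Prints 0 if gcc produced an object
# (the build would proceed), 1 if it failed. Diagnostics go to $WORK/log.
build_status() {
    if gcc -c -o /dev/null "$@" "$WORK/fmt.c" >"$WORK/log" 2>&1; then
        echo 0
    else
        echo 1
    fi
}

# Number of format-string diagnostics gcc emitted in the last build, whether
# it reported them as warnings or as errors (the message text is the same).
diag_count() {
    grep -c 'format not a string literal' "$WORK/log" || true
}

if command -v gcc >/dev/null 2>&1; then
    # Proposed default: gcc complains, but the object is still built.
    s=$(build_status -Wformat -Wformat-security)
    echo "-Wformat -Wformat-security      : build status $s, diagnostics $(diag_count)"

    # What it takes to actually stop the defect reaching a package: an error.
    s=$(build_status -Wformat -Werror=format-security)
    echo "-Wformat -Werror=format-security: build status $s, diagnostics $(diag_count)"

    # The opt-out route from the proposal's table: format checking off.
    s=$(build_status -Wno-format -Wno-format-security)
    echo "-Wno-format -Wno-format-security: build status $s, diagnostics $(diag_count)"
else
    echo "gcc not found; nothing compiled" >&2
fi
```

Run it as-is; the first line of output shows a successful build with a diagnostic present, which is the situation the reply describes (a warning nobody is obliged to read), while the second shows the same diagnostic as a build failure. Only the second gives a package maintainer a reason to look at the code.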