Re: F31 System-Wide Change proposal: Enable Compiler Security hardening flags by default in G

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 13/03/2019 12:00, Daniel P. Berrangé wrote:
On Mon, Mar 11, 2019 at 01:56:14PM -0400, Ben Cotton wrote:

| 1 || -Wformat || Check calls to "printf" and "scanf", etc., to make
sure that the arguments supplied have types appropriate to the format
string specified, and that the conversions specified in the  format
string make sense. || -Wno-format
|-
| 2 || -Wformat-security || If -Wformat is specified, also warn about
uses of format functions that represent possible security problems.
|| -Wno-format should disable this as well

These two are very valuable warnings. If a C application's existing
build process has not already enabled them by default, I would expect
they'll trigger a great number of warnings.

We're not using -Werror in Fedora though, so these will not cause a
build failure.

Actually the default optflags already has -Wall (which includes
-Wformat) and -Werror=format-security which enables that warning
and turns on -Werror for it.

So format-security does actually cause build failures already.

Tom

--
Tom Hughes (tom@xxxxxxxxxx)
http://compton.nu/
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux