Re: F31 System-Wide Change proposal: Enable Compiler Security hardening flags by default in G


 



On 3/13/19 5:55 PM, Daniel P. Berrangé wrote:
> On Wed, Mar 13, 2019 at 12:21:29PM +0000, Tom Hughes wrote:
>> On 13/03/2019 12:00, Daniel P. Berrangé wrote:
>>> On Mon, Mar 11, 2019 at 01:56:14PM -0400, Ben Cotton wrote:
>>>
>>>> | 1 || -Wformat || Check calls to "printf" and "scanf", etc., to make
>>>> sure that the arguments supplied have types appropriate to the format
>>>> string specified, and that the conversions specified in the format
>>>> string make sense. || -Wno-format
>>>> |-
>>>> | 2 || -Wformat-security || If -Wformat is specified, also warn about
>>>> uses of format functions that represent possible security problems.
>>>> || -Wno-format should disable this as well
>>>
>>> These two are very valuable warnings. If a C application's existing
>>> build process has not already enabled them by default, I would expect
>>> they'll trigger a great number of warnings.
>>>
>>> We're not using -Werror in Fedora though, so these will not cause a
>>> build failure.
>>
>> Actually the default optflags already has -Wall (which includes
>> -Wformat) and -Werror=format-security which enables that warning
>> and turns on -Werror for it.
> 
> I wonder why this change is suggesting to add the flags if they
> are already present in our current optflags?
> 

These get enabled when you build packages via koji, not when you use
gcc to build packages. Having them enabled by default in gcc ensures
that user applications get them by default.

-- 
Huzaifa Sidhpurwala / Red Hat Product Security Team
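
As an added illustration (not code from this thread or from the Fedora proposal), the C below shows the kind of call that -Wformat-security reports, next to its corrected form. The wrapper log_fmt, the record_user_* functions and the DEMO_UNSAFE macro are hypothetical names, and the sample input is constructed.

```c
/* Added example: what -Wformat / -Wformat-security report.
 * Build: gcc -Wformat -Wformat-security fmt.c
 * Add -DDEMO_UNSAFE to compile the flagged variant and see the warning. */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical logging wrapper. The format attribute makes GCC apply the
 * printf checks to callers of this function, not only to printf itself. */
static int log_fmt(char *out, size_t n, const char *fmt, ...)
    __attribute__((format(printf, 3, 4)));

static int log_fmt(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

#ifdef DEMO_UNSAFE
/* Reported by -Wformat-security: the format is not a string literal and
 * there are no format arguments, so any '%' in user is interpreted. */
int record_user_unsafe(char *out, size_t n, const char *user)
{
    return log_fmt(out, n, user);
}
#endif

/* Hardened form: constant format string, untrusted text passed as data. */
int record_user_safe(char *out, size_t n, const char *user)
{
    return log_fmt(out, n, "%s", user);
}

int main(void)
{
    char buf[64];
    const char *input = "%x %x %n"; /* constructed sample input */
    int len = record_user_safe(buf, sizeof buf, input);
    printf("%d bytes: %s\n", len, buf);
    return strcmp(buf, input) != 0; /* 0 when the text was copied verbatim */
}
```

Without the format attribute on log_fmt, neither warning would fire for its callers, because GCC only checks functions it knows take a printf-style format.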



