FTBFS if "-Werror=format-security" flag is used
Ralf Corsepius
rc040203 at freenet.de
Fri Dec 6 13:08:46 UTC 2013
On 12/06/2013 10:43 AM, Reindl Harald wrote:
>
> Am 06.12.2013 10:37, schrieb Ralf Corsepius:
>>>> IMO, -Wformat-security is almost negibile in comparison to these and you
>>>> are making way too much noise about it than it deserves.
>>>
>>> http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=format+string [*]
>>
>> Yeah, a vulnerability - So what?
>>
>> I'd guess the number and severity of vulnerabilities caused by TmpOnTmpfs
>
> how should TmpOnTmpfs cause a vulerability?
> the opposite is true
TmpOnTmpfs is magitudes smaller than a traditional /tmp on /.
This causes programs/packages which are assuming an "almost infinitely
sized /tmp" to easily fill up a small /tmp, and thus the system to choke.
2 Real world examples I've encountered with fedora 18 and 19:
* https://bugzilla.redhat.com/show_bug.cgi?id=971878
This one usually kills an individual's system.
* https://bugzilla.redhat.com/show_bug.cgi?id=1006658
This means one means using "convert" on webserver allows arbitrary users
on the web to kill servers.
Ralf
More information about the devel
mailing list