= Proposed System Wide Change: Format Security =
https://fedoraproject.org/wiki/Changes/FormatSecurity
Change owner(s): Dhiru Kholia <dhiru.kholia(a)gmail.com>
Enable "-Werror=format-security" compilation flag for all packages in Fedora.
Once this flag is enabled, GCC will refuse to compile code that could be
vulnerable to a string format security flaw.
== Detailed Description ==
Once "-Werror=format-security" is enabled, GCC will refuse to compile code
that could be vulnerable to a string format security flaw. For more details,
please see this FESCo ticket [1].
Enabling this option eliminates an entire class of security issues! To further
understand why it is important to fix such bugs, please see the
Format-Security-FAQ page [2].
Implementing this change requires a single line change to be made to the
/usr/lib/rpm/redhat/macros file (part of the redhat-rpm-config package). My
patch to do this can be found at [3].
== Scope ==
Proposal owners: Currently, around 400 packages FTBFS if this flag is enabled.
We need to file bugs and also try solving these FTBFS issues.
Other developers: Currently, around 400 packages FTBFS if this flag is enabled.
A list of packages which FTBFS is available at [4]. The fix for these errors is
quite simple (in most cases). It's a matter of changing a line like
printf(foo) to read printf("%s", foo) instead. That's it. More details are
available on the Format-Security-FAQ page. Additionally, we highly encourage
owners (of the affected packages) to work with upstream.
Release engineering: A mass build is required.
Policies and guidelines: N/A
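The printf(foo) to printf("%s", foo) fix described under "Other developers",
as an added example that is not code from the proposal or from any Fedora
package. The function names, the sample string and the SHOW_UNSAFE macro are
assumptions made for illustration.

```c
/* Build: gcc -Wall -Werror=format-security fmt.c
 * Add -DSHOW_UNSAFE to watch GCC reject render_unsafe(). */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: untrusted text that contains conversion specifiers. */
static const char SAMPLE[] = "job %s finished at 100%d";

#ifdef SHOW_UNSAFE
/* Rejected by the flag: the format is not a string literal and there are
 * no format arguments, so msg would be interpreted as a format. */
int render_unsafe(char *out, size_t n, const char *msg)
{
    return snprintf(out, n, msg);
}
#endif

/* The fix from the proposal: a literal format, with msg passed as data. */
int render_safe(char *out, size_t n, const char *msg)
{
    return snprintf(out, n, "%s", msg);
}

/* Hypothetical project wrapper. The format attribute tells GCC to check
 * callers of log_render() the same way it checks printf(). */
__attribute__((format(printf, 3, 4)))
int log_render(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int written = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return written;
}

int main(void)
{
    char buf[64];
    render_safe(buf, sizeof buf, SAMPLE);
    puts(buf);
    log_render(buf, sizeof buf, "user said: %s", SAMPLE);
    puts(buf);
    return 0;
}
```

GCC only honours -Wformat-security when -Wformat is also enabled, which -Wall
does in the build line above.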
[1] https://fedorahosted.org/fesco/ticket/1185
[2] https://fedoraproject.org/wiki/Format-Security-FAQ
[3] https://bitbucket.org/dhiru/redhat-rpm-config/branch/strict-format
[4] http://people.fedoraproject.org/~halfie/rebuild-logs.txt