F21 System Wide Change: Format Security

Jaroslav Reznik jreznik at redhat.com
Thu Nov 21 14:15:56 UTC 2013


= Proposed System Wide Change: Format Security =
https://fedoraproject.org/wiki/Changes/FormatSecurity

Change owner(s): Dhiru Kholia <dhiru.kholia at gmail.com>

Enable "-Werror=format-security" compilation flag for all packages in Fedora. 
Once this flag is enabled, GCC will refuse to compile code that could be 
vulnerable to a string format security flaw.

== Detailed Description ==
Once "-Werror=format-security" is enabled, GCC will refuse to compile code 
that could be vulnerable to a string format security flaw. For more details, 
please see this FESCo ticket [1].

Enabling this option eliminates an entire class of security issues! To further 
understand why it is important to fix such bugs, please see Format-Security-FAQ 
page [2].

Implementing this change requires a single-line change to the 
/usr/lib/rpm/redhat/macros file (part of the redhat-rpm-config package). My patch 
to do this can be found at [3].

== Scope ==
Proposal owners: Currently, around 400 packages FTBFS if this flag is enabled. 
We need to file bugs and also try solving these FTBFS issues. 

Other developers: Currently, around 400 packages FTBFS if this flag is enabled. 
A list of packages which FTBFS is available at [4]. The fix for these errors is 
quite simple (in most cases). It's a matter of changing a line like 
printf(foo) to read printf("%s", foo) instead. That's it. More details are 
available on Format-Security-FAQ. Additionally, we highly encourage owners (of 
the affected packages) to work with upstream. 

Release engineering: A mass build is required. 

Policies and guidelines: N/A 

[1] https://fedorahosted.org/fesco/ticket/1185
[2] https://fedoraproject.org/wiki/Format-Security-FAQ
[3] https://bitbucket.org/dhiru/redhat-rpm-config/branch/strict-format
[4] http://people.fedoraproject.org/~halfie/rebuild-logs.txt
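
The fix described under Scope, as an added example (not code from the proposal or from any Fedora package). The names log_fmt, record_unsafe, record_fixed and the SHOW_UNSAFE macro are hypothetical and the sample message is constructed; the example goes slightly beyond the plain printf case to a project-local wrapper, which GCC checks the same way once it carries the format attribute.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical project-local wrapper. The format attribute tells GCC that
 * argument 3 is a printf-style format, so -Wformat-security checks every
 * call to this wrapper too, not only calls to libc functions. */
static int log_fmt(char *out, size_t n, const char *fmt, ...)
    __attribute__((format(printf, 3, 4)));

static int log_fmt(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return r;
}

#ifdef SHOW_UNSAFE
/* Flagged by -Wformat-security: non-literal format and no format arguments.
 * Any '%' sequence inside msg would be interpreted as a conversion. */
static int record_unsafe(char *out, size_t n, const char *msg)
{
    return log_fmt(out, n, msg);
}
#endif

/* The fix from the proposal: msg becomes data for a literal "%s" format. */
static int record_fixed(char *out, size_t n, const char *msg)
{
    return log_fmt(out, n, "%s", msg);
}

int main(void)
{
    /* Constructed sample input that happens to contain '%' sequences. */
    const char *msg = "disk 90%s full, code %d";
    char buf[64];
    int len = record_fixed(buf, sizeof buf, msg);
    printf("%d bytes: %s\n", len, buf);
    return strcmp(buf, msg) != 0;   /* 0 when msg was copied verbatim */
}
```

Building with gcc -DSHOW_UNSAFE -Wformat -Werror=format-security fails at the call in record_unsafe; without the macro the same flags compile the file cleanly.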

