Enabling "-Werror=format-security" by default
abokovoy at redhat.com
Thu Nov 21 07:09:58 UTC 2013
On Wed, 20 Nov 2013, Dhiru Kholia wrote:
>We are working on a proposal to enable "-Werror=format-security"
>compilation flag for all packages in Fedora.
>Once this flag is enabled, GCC will refuse to compile code that could be
>vulnerable to a string format security flaw. For more details, please
>see https://fedorahosted.org/fesco/ticket/1185 page.
>Enabling this option eliminates an entire class of security issues! To
>further understand why it is important to fix such bugs, please see
>Currently, around 400 packages FTBFS if this flag is enabled. I am all
>set to start filing the bugs (once given the green signal). In addition,
>I am willing to help in patching these packages. I believe that this
>work is important and will benefit everyone (including upstream and
>I am attaching a sample Bugzilla bug report - this is what the actual
>bug reports will look like.
I think these reports are misleading, at least in FreeIPA case.
freeipa-3.3.1-2.fc21.src.rpm/build.log:ipa_enrollment.c:320:5: error: format not a string literal and no format arguments [-Werror=format-security]
freeipa-3.3.1-2.fc21.src.rpm/build.log:ipa_enrollment.c:347:9: error: format not a string literal and no format arguments [-Werror=format-security]
freeipa-3.3.1-2.fc21.src.rpm/build.log:ipa_enrollment.c:360:5: error: format not a string literal and no format arguments [-Werror=format-security]
All three cases are dealing with following lines:
LOG("%s", errMesg ? errMesg : "success\n");
where LOG macro expands to
slapi_log_error(SLAPI_LOG_PLUGIN, NAME, format, arguments ... );
(SLAPI_LOG_PLUGIN and NAME are constants)
as you can see, in all these cases format *is* a string literal and
there are exact format arguments passed.
/ Alexander Bokovoy
More information about the devel