[Olsr-dev] hardening 1by1: -Wformat -Wformat-security -Werror=format-security

Henning Rogge (spam-protected)
Wed Oct 10 09:06:07 CEST 2012


On 10/05/2012 11:34 PM, Hans-Christoph Steiner wrote:
>
> As part of the effort to get the hardening flags that are default in
> Debian to be also default in olsrd, I'm submitting one email per
> concept so we can discuss them each.
>
> The first is "-Wformat -Wformat-security -Werror=format-security".
> This adds strict checks to *printf() formats, which are a common
> source of exploits.  olsrd currently passes all of these checks.
>
> This should be enabled on all platforms.
>
> Here's the Debian docs on the topic:
> http://wiki.debian.org/Hardening#DEB_BUILD_HARDENING_FORMAT_.28gcc.2BAC8-g.2B-.2B-_-Wformat_-Wformat-security_-Werror.3Dformat-security.29

Can you put in everything that is necessary for hardening so that it is 
default if "DEBUG" is not set? That would be the perfect solution in my 
opinion, we just have to check that OpenWRT is able to overwrite it.

Henning Rogge


-- 
Diplom-Informatiker Henning Rogge, Fraunhofer-Institut für
Kommunikation, Informationsverarbeitung und Ergonomie FKIE
Kommunikationssysteme (KOM)
Fraunhofer Straße 20, 53343 Wachtberg, Germany
Telefon +49 228 9435-961,   Fax +49 228 9435 685
mailto:(spam-protected) http://www.fkie.fraunhofer.de
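
Added example, not part of the original thread and not olsrd code: what "-Wformat -Wformat-security -Werror=format-security" accepts and rejects for a project-specific logging wrapper. The names log_msg, log_peer_name, PRINTF_LIKE and SHOW_REJECTED are hypothetical; the sample input is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* The format attribute makes -Wformat check callers of our own variadic
 * wrapper the same way it checks printf(). Without it, the flags only
 * cover the libc *printf() family. */
#if defined(__GNUC__)
#define PRINTF_LIKE(f, a) __attribute__((format(printf, f, a)))
#else
#define PRINTF_LIKE(f, a)
#endif

static int log_msg(char *out, size_t len, const char *fmt, ...) PRINTF_LIKE(3, 4);

static int log_msg(char *out, size_t len, const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(out, len, fmt, ap);
    va_end(ap);
    return n;
}

/* Accepted: untrusted text is passed as an argument, never as the format. */
static int log_peer_name(char *out, size_t len, const char *untrusted)
{
    return log_msg(out, len, "peer: %s", untrusted);
}

#ifdef SHOW_REJECTED
/* Rejected by -Werror=format-security ("format not a string literal and no
 * format arguments"): conversions inside the input would be interpreted. */
static int log_peer_name_bad(char *out, size_t len, const char *untrusted)
{
    return log_msg(out, len, untrusted);
}
#endif

int main(void)
{
    char buf[64];

    /* Constructed input containing conversion specifiers. */
    log_peer_name(buf, sizeof(buf), "%x%x%n");
    puts(buf); /* the specifiers are copied through as plain text */
    return 0;
}
```

Building with -DSHOW_REJECTED plus the three flags from this thread turns the second function into a compile error, which is the build-time check being proposed.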
