[Olsr-dev] hardening 1by1: -Wformat -Wformat-security -Werror=format-security
Hans of Guardian
(spam-protected)
Wed Oct 10 17:14:08 CEST 2012
I think -Werror=format-security should be included. Its related to the rest, so I provided them for context. -Wformat is even included in -Wall, horror of horrors.
.hc
On Oct 10, 2012, at 3:14 AM, Ferry Huberts wrote:
>
>
> If you'd bothered to check the makefile then you'd seen that these are already there.
>
> Only the latter (-Werror=format-security) is not there, which (IMHO) is but a minor 'improvement'.
>
> Please check before throwing stuff on the mailinglist and make _all_ of us check. You're not building a reputation that we can trust your work without checking it...
>
>
> On 05-10-12 23:34, Hans-Christoph Steiner wrote:
>>
>> As part of the effort to get the hardening flags that are default in
>> Debian to be also default in olsrd, I'm submitting one email per concept
>> so we can discuss them each.
>>
>> The first is "-Wformat -Wformat-security -Werror=format-security". This
>> adds strict checks to *printf() formats, which are a common source of
>> exploits. olsrd currently passes all of these checks.
>>
>> This should be enabled on all platforms.
>>
>> Here's the Debian docs on the topic:
>> http://wiki.debian.org/Hardening#DEB_BUILD_HARDENING_FORMAT_.28gcc.2BAC8-g.2B-.2B-_-Wformat_-Wformat-security_-Werror.3Dformat-security.29
>>
>> .hc
>>
>
> --
> Ferry Huberts
More information about the Olsr-dev
mailing list