[Olsr-dev] hardening 1by1: -Wformat -Wformat-security -Werror=format-security

Hans of Guardian (spam-protected)
Fri Oct 12 23:05:52 CEST 2012


On Oct 10, 2012, at 3:26 AM, Henning Rogge wrote:

> On 10/10/2012 09:14 AM, Ferry Huberts wrote:
>> 
>> 
>> On 05-10-12 23:34, Hans-Christoph Steiner wrote:
>>> 
>>> As part of the effort to get the hardening flags that are default in
>>> Debian to be also default in olsrd, I'm submitting one email per concept
>>> so we can discuss them each.
>>> 
>>> The first is "-Wformat -Wformat-security -Werror=format-security".  This
>>> adds strict checks to *printf() formats, which are a common source of
>>> exploits.  olsrd currently passes all of these checks.
> 
> I just checked the current settings myself (Kubuntu 64 bit, 3.2.0-31 kernel, gcc 4.6.3), compiling with debug:
> 
> CFLAGS: -Wall -Wextra -Wold-style-definition -Wdeclaration-after-statement -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -Wsign-compare -Waggregate-return -Wmissing-noreturn -Wmissing-format-attribute -Wno-multichar -Wno-deprecated-declarations -Wendif-labels -Wwrite-strings -Wbad-function-cast -Wpointer-arith -Wcast-qual -Wshadow -Wformat -Wsequence-point -Wcast-align -Wformat-security -Wformat-y2k -Winit-self -Wswitch-default -Wsync-nand -Wundef -Wlogical-op -Wdouble-promotion -Wjump-misses-init -Wtrampolines -Wunused-parameter -Wnested-externs -Winline -Wdisabled-optimization -finline-functions-called-once -funit-at-a-time -fearly-inlining -finline-limit=350   -fPIC -ggdb
> 
> LDFLAGS: -Wl,-export-dynamic  -Wl,-rpath,/usr/local/lib -Wl,--warn-common -fPIC
> 
> Compiling without debug:
> 
> CFLAGS: -Wall -Wextra -Wold-style-definition -Wdeclaration-after-statement -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -Wsign-compare -Waggregate-return -Wmissing-noreturn -Wmissing-format-attribute -Wno-multichar -Wno-deprecated-declarations -Wendif-labels -Wwrite-strings -Wbad-function-cast -Wpointer-arith -Wcast-qual -Wshadow -Wformat -Wsequence-point -Wcast-align -Wformat-security -Wformat-y2k -Winit-self -Wswitch-default -Wsync-nand -Wundef -Wlogical-op -Wdouble-promotion -Wjump-misses-init -Wtrampolines -Wunused-parameter -Wnested-externs -Winline -Wdisabled-optimization -finline-functions-called-once -funit-at-a-time -fearly-inlining -fomit-frame-pointer -finline-limit=350   -fPIC
> LDFLAGS: -Wl,-export-dynamic  -Wl,-rpath,/usr/local/lib -Wl,--warn-common -fPI
> 
> --------------
> "-Wformat" and "-Wformat-security" are there, "-Werror=format-security" is not.

We should include -Werror=format-security as well. Including root exploits is definitely an error, not just a warning.  The current code already passes -Werror=format-security so it would prevent new bugs from being added.

As for committing these, honestly, I'm not up for it.  Ferry and you seem to have very specific rules about how that should be done and I don't understand them, and can find no docs on them.  Please commit -Werror=format-security.

.hc
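
An added example, not part of the original message and not olsrd code: the kind of call that "-Wformat -Wformat-security -Werror=format-security" rejects, next to the form that passes. The names log_line, log_peer_name, log_peer_name_unchecked and the SHOW_WARNING macro are hypothetical, and the peer name is a constructed sample.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical logging helper. The format attribute tells the compiler that
 * argument 3 is a printf-style format, so -Wformat checks every caller. */
__attribute__((format(printf, 3, 4)))
static int log_line(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    return n;
}

/* Passes the checks: the format is a literal and the untrusted text is
 * only ever an argument, so any '%' in it is copied as plain data. */
int log_peer_name(char *out, size_t outlen, const char *untrusted)
{
    return log_line(out, outlen, "%s", untrusted);
}

#ifdef SHOW_WARNING
/* Rejected by -Wformat-security: the format is not a string literal and no
 * arguments follow it, so directives inside 'untrusted' would be interpreted.
 * With -Werror=format-security this stops the build instead of warning. */
int log_peer_name_unchecked(char *out, size_t outlen, const char *untrusted)
{
    return log_line(out, outlen, untrusted);
}
#endif

int main(void)
{
    char buf[64];
    const char *name = "node-%s-%x"; /* constructed sample input */
    int n = log_peer_name(buf, sizeof buf, name);

    printf("%d bytes logged: %s\n", n, buf);
    return strcmp(buf, name) != 0; /* 0 when the text was kept verbatim */
}
```

Building with `gcc -DSHOW_WARNING -Wformat -Wformat-security -Werror=format-security` stops at the unchecked call; without `-DSHOW_WARNING` the file builds cleanly under the same flags.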






