lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 4 Feb 2009 15:28:47 +0100
From:	Floris Kraak <randakar@...il.com>
To:	Sam Ravnborg <sam@...nborg.org>
Cc:	Alan Cox <alan@...rguk.ukuu.org.uk>,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	Trivial Patch Monkey <trivial@...nel.org>
Subject: [PATCH] Kbuild: Disable the -Wformat-security gcc flag

Some distributions have enabled the gcc flag -Wformat-security by default.*
This results in a number of warnings about format arguments to
functions, sometimes in cases where fixing the warning is not likely
to actually fix a bug.
Instead of hand patching a dozens of places (possibly more) that
produce warnings that get ignored anyway we just turn off the flag in
the Makefile.

Note: Regardless of any discussion surrounding the value of this
particular type of warning, having this show up in a few distributions
but not in the
vast majority of them means that this warning won't be seen by most of
the developers who introduce the new warnings in the first place. If
the
kernel decides it cares about format arguments it should do so
globally regardless of distribution. In which case I'd gladly whip up
a patch to do
the reverse thing and turn this thing on by default. However, such a
patch would have to produce a follow up patch(set) which fixes each
individual
warning.

See also:
http://kerneltrap.org/mailarchive/linux-kernel/2008/11/20/4215134

*) The ubuntu manpage for gcc states:

      -Wformat-security
          If -Wformat is specified, also warn about uses of format
functions that represent possible security problems.  At present, this
warns about
          calls to "printf" and "scanf" functions where the format
string is not a string literal and there are no format arguments, as
in "printf
          (foo);".  This may be a security hole if the format string
came from untrusted input and contains %n.  (This is currently a
subset of what
          -Wformat-nonliteral warns about, but in future warnings may
be added to -Wformat-security that are not included in
-Wformat-nonliteral.)

          NOTE: In Ubuntu 8.10 and later versions this option is
enabled by default for C, C++, ObjC, ObjC++.  To disable, use
-Wno-format-security, or
          disable all format warnings with -Wformat=0.  To make format
security warnings fatal, specify -Werror=format-security.

Signed-off-by: Floris Kraak <randakar@...il.com>
---
diff --git a/Makefile b/Makefile
index 7715b2c..9ee766c 100644
--- a/Makefile
+++ b/Makefile
@@ -346,7 +346,8 @@ KBUILD_CPPFLAGS := -D__KERNEL__

 KBUILD_CFLAGS   := -Wall -Wundef -Wstrict-prototypes -Wno-trigraphs \
 		   -fno-strict-aliasing -fno-common \
-		   -Werror-implicit-function-declaration
+		   -Werror-implicit-function-declaration \
+		   -Wno-format-security
 KBUILD_AFLAGS   := -D__ASSEMBLY__

 # Read KERNELRELEASE from include/config/kernel.release (if it exists)

---
"They that give up essential liberty to obtain temporary safety,
deserve neither liberty nor safety."
  -- Ben Franklin

"The course of history shows that as a government grows, liberty
decreases."
  -- Thomas Jefferson
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ