Date:	Fri, 15 May 2009 15:28:18 +0200
From:	Floris Kraak <randakar@...il.com>
To:	Pekka Enberg <penberg@...helsinki.fi>
Cc:	Sam Ravnborg <sam@...nborg.org>,
	Alan Cox <alan@...rguk.ukuu.org.uk>,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	Trivial Patch Monkey <trivial@...nel.org>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Al Viro <viro@...iv.linux.org.uk>
Subject: Re: [PATCH] Kbuild: Disable the -Wformat-security gcc flag

On 5/15/09, Pekka Enberg <penberg@...helsinki.fi> wrote:
>
> On Wed, Feb 4, 2009 at 5:28 PM, Floris Kraak <randakar@...il.com> wrote:
> > Some distributions have enabled the gcc flag -Wformat-security by default.*
> > This results in a number of warnings about format arguments to
> > functions, sometimes in cases where fixing the warning is not likely
> > to actually fix a bug.
> > Instead of hand patching dozens of places (possibly more) that
> > produce warnings that get ignored anyway we just turn off the flag in
> > the Makefile.
> >
>
> Is there a reason this patch was not merged? Yes, it's clearly a
> distro problem but apparently there's no easy way to turn it off.
>

Well, I posted a few follow-up patches that turned this one on its
head - instead of disabling the feature in GCC I attempted to hand
patch every location that caused the warning instead.

However, that is quite a large job for fixing a mere 'minor annoyance'
- there are a number of obvious places where merely changing the
definition of a 'char* foo' variable into a 'char foo[]' variable
makes the warning go away (hence easily done) but getting rid of all of
them requires some real code changes here and there. In theory all of
them are harmless but it adds up to well over 130 patches. (When
split.)

I was still in the process of triaging the whole thing into a
mergeable form when some assignment came along that caused me to drop
the whole thing on the floor. I can dig them up and repost them if you
like ;-)

Tellingly enough I didn't find any place where the warning was
actually warning about anything harmful. Maybe I just need better
glasses though ;-)

Quite honestly I still believe just disabling this check is the best
thing to do.

It would be *really* nice if printk could just check instead how many
arguments it has and refrain from parsing the format string if there
aren't any. Unfortunately that's seemingly impossible - or at least,
well beyond my abilities ;-)

Regards,
Floris
---
'Or lawyers may say, “But if I decline, someone else will do it. So
what is gained?” My reply: “Let someone else do it. But not you. Honor
is personal. Worry about yourself.  You don’t get a pass from moral
responsibility because you acted for a client.”

That’s the first lesson I would offer, aimed at lawyers. A second
lesson, aimed at all, is this: Keep ready your capacity for outrage.
This is very important. Next to the vote, outrage is the one response
each of us can contribute. Outrage is how honor must confront
dishonor. If we lose the capacity for outrage, we are in serious
trouble. '
   --- Stephen Gillers
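
The pattern -Wformat-security reports, as an added example that is not part of the original message or the kernel source: a non-literal string passed as the format with no arguments, next to the "%s" form that treats it as data. The function names and sample messages are hypothetical and constructed for illustration, and the pragmas assume GCC or Clang.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helpers for illustration; not kernel code. */

/* Pattern the warning flags: a non-literal string used as the format with
 * no arguments. The pragmas silence the warning for this one function,
 * a narrower alternative to dropping the flag build-wide. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
int log_as_format(char *out, size_t n, const char *msg)
{
    return snprintf(out, n, msg);   /* msg is parsed for % directives */
}
#pragma GCC diagnostic pop

/* Fixed pattern: constant format, message passed as data. */
int log_as_data(char *out, size_t n, const char *msg)
{
    return snprintf(out, n, "%s", msg);
}

/* Returns 1 when both forms produce identical output for msg. */
int same_output(const char *msg)
{
    char a[64], b[64];
    log_as_format(a, sizeof a, msg);
    log_as_data(b, sizeof b, msg);
    return strcmp(a, b) == 0;
}

int main(void)
{
    /* Constructed sample messages; "%%" is the only directive used, so
     * log_as_format() never reads a missing argument. */
    const char *samples[] = { "disk sda1 mounted", "cache 50%% full" };
    for (int i = 0; i < 2; i++) {
        char a[64], b[64];
        log_as_format(a, sizeof a, samples[i]);
        log_as_data(b, sizeof b, samples[i]);
        printf("format: [%s]  data: [%s]\n", a, b);
    }
    return 0;
}
```

The two forms agree only while the message contains no '%' character; once it does, the first form rewrites the text, which is the difference the warning points at.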