Subject: Format security warnings now in GCC
From: Joseph S. Myers (jsm28cam.ac.uk)
Date: Thu Dec 07 2000 - 05:41:44 CST


I've finally managed to get format security warnings accepted into GCC.
With CVS GCC as of a few hours ago, you can compile with -Wformat
-Wformat-security -Wmissing-format-attribute and detect problems such as
the one in klogd that prompted the discussion in September. (-Wformat is
included in -Wall; the other two options aren't, and have no effect on
their own without -Wformat or -Wall.)

You'll want to add format attributes to <sys/syslog.h> for syslog and
vsyslog if it doesn't have them (patch sent to libc-alpha).

See also my previous message
<URL:http://www2.merton.ox.ac.uk/~security/security-audit-200009/0084.html>.

In October I made GCC go down into conditional expressions and the
initializers for const arrays when checking formats, which may reduce the
number of false positives this yields.

If -Wmissing-format-attribute suggests adding format attributes, you'll
need to recompile after doing so to see if any new problems are detected.

-Wformat-security could get warnings added to it for sprintf into fixed
length buffers that might be too small, but I won't be implementing that
this side of GCC 3.0.

-- 
Joseph S. Myers
jsm28cam.ac.uk
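
The following is an added example, not part of the original message or of GCC or glibc: a logging wrapper with a format attribute of the kind the post recommends for syslog and vsyslog, plus the non-literal format call that -Wformat-security flags next to its fixed form. The names log_msg, log_untrusted, last_logged and the SHOW_WARNING macro are hypothetical.

```c
/* Added example. Build with:
 *   gcc -Wformat -Wformat-security -Wmissing-format-attribute demo.c
 * Add -DSHOW_WARNING to compile the call that -Wformat-security flags. */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

static char last_line[256];   /* hypothetical sink standing in for syslog */

/* Without this attribute GCC cannot check callers of the wrapper, and
 * -Wmissing-format-attribute suggests adding it because fmt is handed
 * on to vsnprintf. fmt is parameter 2, the varargs start at 3. */
int log_msg(int prio, const char *fmt, ...)
    __attribute__((format(printf, 2, 3)));

int log_msg(int prio, const char *fmt, ...)
{
    va_list ap;
    int n;

    (void)prio;                /* priority unused in this sketch */
    va_start(ap, fmt);
    n = vsnprintf(last_line, sizeof last_line, fmt, ap);
    va_end(ap);
    return n;
}

/* Logs an untrusted string; returns the number of characters logged. */
int log_untrusted(const char *text)
{
#ifdef SHOW_WARNING
    /* Flagged: the format is not a string literal and there are no
     * format arguments, so % directives in text would be interpreted. */
    return log_msg(3, text);
#else
    /* Fixed form: text is data for a constant "%s" format. */
    return log_msg(3, "%s", text);
#endif
}

const char *last_logged(void) { return last_line; }

int main(void)
{
    log_untrusted("constructed input: 100%n %s %x");
    puts(last_logged());
    return 0;
}
```

Removing the attribute declaration and rebuilding shows the -Wmissing-format-attribute suggestion; as the post notes, the caller is only checked after the attribute is added and the code is recompiled.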