[PATCH] Kbuild: Enable the gcc flag -Wformat-security (was: Re: [PATCH] Kbuild: Disable the -Wformat-security gcc flag)

From: Floris Kraak
Date: Thu Feb 05 2009 - 03:47:33 EST


On Thu, Feb 5, 2009 at 9:26 AM, Floris Kraak <randakar@xxxxxxxxx> wrote:
>
> As I noted applying a patch that does the reverse and enables the
> check instead is perfectly acceptable to me. Long term somebody
> probably needs to go through all of them and fix (most of) them
> anyway.
>

Here goes:

[PATCH] Kbuild: Enable the gcc flag -Wformat-security

Some distributions have enabled the gcc flag -Wformat-security by
default. This causes about 150 new warnings to show up in an
allyesconfig kernel build that are never seen by the majority of the
developers. However there is some value to having this warning. In
some cases there are potential (security) bugs involved where
malicious or simply malformed data from outside the kernel could
trigger stack overflows or other nastiness. Instead of having a
cleanup team running around in perpetuity going over all new format
strings in code it's better to just emit the warning in all cases.

Signed-off-by: Floris Kraak <randakar@xxxxxxxxx>
---
diff --git a/Makefile b/Makefile
index 7715b2c..ed3b973 100644
--- a/Makefile
+++ b/Makefile
@@ -346,7 +346,8 @@ KBUILD_CPPFLAGS := -D__KERNEL__

KBUILD_CFLAGS := -Wall -Wundef -Wstrict-prototypes -Wno-trigraphs \
-fno-strict-aliasing -fno-common \
- -Werror-implicit-function-declaration
+ -Werror-implicit-function-declaration \
+ -Wformat-security
KBUILD_AFLAGS := -D__ASSEMBLY__

# Read KERNELRELEASE from include/config/kernel.release (if it exists)
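
Review bot: The added -Wformat-security line at the end of KBUILD_CFLAGS only takes effect because -Wall, earlier in the same assignment, turns on -Wformat; GCC ignores -Wformat-security when -Wformat is not active. A short comment next to the flag saying so would keep a later reshuffle of the warning options from silently dropping the check. The changelog also says this surfaces about 150 warnings in an allyesconfig build, and with this change every developer will see them, so the commit message should state whether fixes for the existing call sites are expected to follow or whether the extra output is accepted as is.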
---
"They that give up essential liberty to obtain temporary safety,
deserve neither liberty nor safety."
-- Ben Franklin

"The course of history shows that as a government grows, liberty
decreases."
-- Thomas Jefferson