Bug#670993: busybox: Please use dpkg-buildflags for hardening support
Michael Tokarev wrote:
> If I were upstream I'd reject this approach.
Oh, sorry for the lack of clarity. I'm personally fine with leaving
these warnings unaddressed. (Debian doesn't use busybox's selinux
support as far as I can tell.) My only goal was to convey that there
are at least three options:
- annotating calls where the argument happens not to contain a %
sign, in a safe way so that the program is not broken if that
assumption stops holding. When using printf-like functions in C,
this is spelled as f("%s", str).
- using an alternative function for the unformatted case
- making bb_msg_* into string literals
You've mentioned that you don't like the first of those three options,
and that interested people should pursue this directly with upstream.
Sounds reasonable to me.
[...]
> The stat -Z case is a real bug however, and should be fixed
> spearately. But this is - IMHO - a different story.
It's the same story. The way to prevent the same problem from
happening again is to occasionally look through the warnings
-Wformat-security emits, something people are much more likely to do
if there are not many of them.
Thanks,
Jonathan
Reply to: