[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#670993: busybox: Please use dpkg-buildflags for hardening support

Michael Tokarev wrote:

> If I were upstream I'd reject this approach.

Oh, sorry for the lack of clarity.  I'm personally fine with leaving
these warnings unaddressed.  (Debian doesn't use busybox's selinux
support as far as I can tell.)  My only goal was to convey that there
are at least three options:

 - annotating calls where the argument happens not to contain a %
   sign, in a safe way so that the program is not broken if that
   assumption stops holding.  When using printf-like functions in C,
   this is spelled as f("%s", str).

 - using an alternative function for the unformatted case

 - making bb_msg_* into string literals

You've mentioned that you don't like the first of those three options,
and that interested people should pursue this directly with upstream.
Sounds reasonable to me.

> The stat -Z case is a real bug however, and should be fixed
> spearately.  But this is - IMHO - a different story.

It's the same story.  The way to prevent the same problem from
happening again is to occasionally look through the warnings
-Wformat-security emits, something people are much more likely to do
if there are not many of them.


Reply to: