[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [hardening-discuss] Using hardening-wrapper but lintian warning still present

El 20/06/12 21:56, Kees Cook escribió:
> If you're using debhelper compat level 9, you don't have to worry about
> including hardening-wrapper and using DEB_BUILD_HARDENING=1. You'll get
> the defaults automatically through debhelper. This is the preferred way
> to get build flags now.
Yes, I'm using it. I just re-compiled the package without the build-dep
and without the environment variable and it compiles and passes to Cmake
the right compiler options, including the previously problematic CPPFLAGS.
> It is possible that the read() was checked at compile-time to be
> safe which is why it was not linked with the protected version
> ("__read_chk"). For example, this will always be safe:
>     char buf[100];
>     ...
>     read(fd, buf, 50);
> In this case, the compiler can see that the read() can never overflow
> the buf (50 is less than 100), so there is no reason to use the protected
> function.
> If you're building with -O1 (or higher) and -D_FORTIFY_SOURCE=2, the
> compiler is always always going to be doing the right thing. :)
> If you really want to, you can test that this is the case by finding the
> uses of read() and using a volatile global variable to replace the length
> argument. (Don't leave the code like this, since it's not a useful change,
> but it can be used to make sure the compiler is doing the right thing.)
>   volatile size_t read_length;
>   ...
>   char buf[100];
>   ...
>   read_length = 50;
>   read(fd, buf, read_length);
> If making that change causes hardening-check to see the __read_chk call,
> then the compiler is being smart and noticed that it doesn't need to do
> extra work at run time to verify the arguments, and you're clear to put
> in a lintian override.
I looked at the source and they only uses "read" in one place (inside a
C++ class representing a standard file). The "read" takes as second
argument the argument of their StdioFile::Read function, but I have
checked all the uses of this StdioFile::Read and it's always safe
(always called with "buf" and "sizeof(buf)").

I will test with the "volatile" variable to assert that, and if it is
the case, I will add the override, to my debian directory.

Thanks very much, you have been very helpful :-)

José Luis Segura Lucas

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: