Re: [PATCH] Kbuild: Enable the gcc flag -Wformat-security (was: Re: [PATCH] Kbuild: Disable the -Wformat-security gcc flag)
From: Floris Kraak
Date: Thu Feb 05 2009 - 03:57:43 EST
On Thu, Feb 5, 2009 at 9:47 AM, Floris Kraak <randakar@xxxxxxxxx> wrote:
>
> Here goes:
>
Resend, seems like the earlier patch doesn't quite actually work as
advertised; -Wformat-security needs -Wformat enabled as well.
---
[PATCH] Kbuild: Enable the gcc flag -Wformat-security
Some distributions have enabled the gcc flag -Wformat-security by
default. This causes about 150 new warnings to show up in an
allyesconfig kernel build that are never seen by the majority of the
developers. However there is some value to having this warning. In
some cases there are potential (security) bugs involved where
malicious or simply malformed data from outside the kernel could
trigger stack overflows or other nastyness.
Instead of having a cleanup team running around in perpetuity going
over all new format strings in code it's better to just emit the
warning in all cases.
Signed-off-by: Floris Kraak <randakar@xxxxxxxxx>
---
diff --git a/Makefile b/Makefile
index 7715b2c..d186e41 100644
--- a/Makefile
+++ b/Makefile
@@ -346,7 +346,8 @@ KBUILD_CPPFLAGS := -D__KERNEL__
KBUILD_CFLAGS := -Wall -Wundef -Wstrict-prototypes -Wno-trigraphs \
-fno-strict-aliasing -fno-common \
- -Werror-implicit-function-declaration
+ -Werror-implicit-function-declaration \
+ -Wformat -Wformat-security
KBUILD_AFLAGS := -D__ASSEMBLY__
# Read KERNELRELEASE from include/config/kernel.release (if it exists)
---
"They that give up essential liberty to obtain temporary safety,
deserve neither liberty nor safety."
-- Ben Franklin
"The course of history shows that as a government grows, liberty
decreases."
-- Thomas Jefferson
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/