Re: [PATCH 1/2] security_flags: turn potential string format security issues into an error

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Richard Purdie <richard.purdie@linuxfoundation.org>
To: Khem Raj <raj.khem@gmail.com>, Joshua Lock <joshua.g.lock@intel.com>
Cc: openembedded-core@lists.openembedded.org
Subject: Re: [PATCH 1/2] security_flags: turn potential string format security issues into an error
Date: Thu, 28 Apr 2016 17:22:16 +0100	[thread overview]
Message-ID: <1461860536.5465.59.camel@linuxfoundation.org> (raw)
In-Reply-To: <996BAFC5-CEC6-4296-A8BD-E7EA383A754F@gmail.com>

On Thu, 2016-04-28 at 08:58 -0700, Khem Raj wrote:
> > On Apr 28, 2016, at 6:27 AM, Joshua Lock <joshua.g.lock@intel.com>
> > wrote:
> > 
> > -SECURITY_CFLAGS ?= "-fstack-protector-strong -pie -fpie
> > ${lcl_maybe_fortify}"
> > -SECURITY_NO_PIE_CFLAGS ?= "-fstack-protector-strong
> > ${lcl_maybe_fortify}"
> > +# Error on use of format strings that represent possible security
> > problems
> > +SECURITY_STRINGFORMAT ?= "-Wformat -Wformat-security 
> > -Werror=format-security"
> > +
> > +SECURITY_CFLAGS ?= "-fstack-protector-strong -pie -fpie
> > ${lcl_maybe_fortify} ${SECURITY_STRINGFORMAT}"
> > +SECURITY_NO_PIE_CFLAGS ?= "-fstack-protector-strong
> > ${lcl_maybe_fortify} ${SECURITY_STRINGFORMAT}"
> > 
> > SECURITY_LDFLAGS ?= "-fstack-protector-strong -Wl,-z,relro,-z,now"
> > SECURITY_X_LDFLAGS ?= "-fstack-protector-strong -Wl,-z,relro"
> > @@ -92,6 +95,23 @@ SECURITY_CFLAGS_pn-zlib =
> > "${SECURITY_NO_PIE_CFLAGS}"
> > SECURITY_CFLAGS_pn-ltp = "${SECURITY_NO_PIE_CFLAGS}"
> > SECURITY_CFLAGS_pn-pulseaudio = "${SECURITY_NO_PIE_CFLAGS}"
> > 
> > +# Recipes which fail to compile when elevating -Wformat-security
> > to an error
> > +SECURITY_STRINGFORMAT_pn-busybox = ""
> > +SECURITY_STRINGFORMAT_pn-console-tools = ""
> > +SECURITY_STRINGFORMAT_pn-cmake = ""
> > +SECURITY_STRINGFORMAT_pn-expect = ""
> > +SECURITY_STRINGFORMAT_pn-gcc = ""
> > +SECURITY_STRINGFORMAT_pn-gettext = ""
> > +SECURITY_STRINGFORMAT_pn-kexec-tools = ""
> > +SECURITY_STRINGFORMAT_pn-leafpad = ""
> > +SECURITY_STRINGFORMAT_pn-libuser = ""
> > +SECURITY_STRINGFORMAT_pn-ltp = ""
> > +SECURITY_STRINGFORMAT_pn-makedevs = ""
> > +SECURITY_STRINGFORMAT_pn-oh-puzzles = ""
> > +SECURITY_STRINGFORMAT_pn-stat = ""
> > +SECURITY_STRINGFORMAT_pn-unzip = ""
> > +SECURITY_STRINGFORMAT_pn-zip = ""
> 
> Can we use _remove operation instead of introducing a new variable
> and emptying it out here.

I actually suggested we do the above. The reason is that this way, the
user can configure which flags they actually want to use. "remove" also
has the problem that its near impossible for the user to override
further.

I'm starting to believe that remove usage in OE-Core itself is actually
symptomatic of a problem and that if we end up using it, it probably
should be done differently.

Cheers,

Richard

next prev parent reply	other threads:[~2016-04-28 16:22 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-04-28 13:27 [PATCH 1/2] security_flags: turn potential string format security issues into an error Joshua Lock
2016-04-28 13:27 ` [PATCH 2/2] packagegroup-core-lsb: fix whitespace in meta-qt* warnings Joshua Lock
2016-04-28 15:58 ` [PATCH 1/2] security_flags: turn potential string format security issues into an error Khem Raj
2016-04-28 16:22   ` Richard Purdie [this message]
2016-04-28 16:35     ` Khem Raj
2016-04-28 16:39       ` Richard Purdie
2016-04-28 16:42         ` Khem Raj

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1461860536.5465.59.camel@linuxfoundation.org \
    --to=richard.purdie@linuxfoundation.org \
    --cc=joshua.g.lock@intel.com \
    --cc=openembedded-core@lists.openembedded.org \
    --cc=raj.khem@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.