On Tue, Dec 18, 2012 at 1:44 AM, Mike Frysinger wrote:
> On Tuesday 18 December 2012 01:10:14 Jeffrey Walton wrote:
>> If you are going to try the waters with warnings, you should also
>> consider the flags to integrate with platform security.
>>
>> Platform security integration includes fortified
On Tuesday 18 December 2012 00:28:14 David A. Wheeler wrote:
> Jim Meyering said:
> > Did you realize that several GNU projects now enable virtually
> > every gcc warning that is available (even including those that
> > are new in the upcoming gcc-4.8, for folks that use bleeding edge gcc)
> > via
On Tuesday 18 December 2012 01:10:14 Jeffrey Walton wrote:
> If you are going to try the waters with warnings, you should also
> consider the flags to integrate with platform security.
>
> Platform security integration includes fortified sources and stack
> protectors. Here are the flags of intere
Jeffrey Walton writes:
> Yeah, I think you are right about asprintf (though I have never used it).
> I can't count how many times I've seen silent truncation due to sprint.
> Most recently, I pointed it out on some SE Android patches (Android port
> of SE Linux) that passed by the NSA sponsored
On Tue, Dec 18, 2012 at 1:16 AM, Russ Allbery wrote:
> Jeffrey Walton writes:
>
>> FORTIFY_SOURCE=2 (FORTIFY_SOURCE=1 on Android 4.1+), where available.
>> I know Drepper objects to the safer string/memory functions, but his
>> way (the way of 1970's strcpy and strcat) simply does not work. I
>>
Jeffrey Walton writes:
> FORTIFY_SOURCE=2 (FORTIFY_SOURCE=1 on Android 4.1+), where available.
> I know Drepper objects to the safer string/memory functions, but his
> way (the way of 1970's strcpy and strcat) simply does not work. I
> don't disagree that the safer functions are not completely sa
On Tue, Dec 18, 2012 at 12:28 AM, David A. Wheeler wrote:
> Jim Meyering said:
>> Did you realize that several GNU projects now enable virtually
>> every gcc warning that is available (even including those that
>> are new in the upcoming gcc-4.8, for folks that use bleeding edge gcc)
>> via gnulib
Jim Meyering said:
> Did you realize that several GNU projects now enable virtually
> every gcc warning that is available (even including those that
> are new in the upcoming gcc-4.8, for folks that use bleeding edge gcc)
> via gnulib's manywarnings.m4 configure-time tests?
>
> Of course, there is