Gary,
Just a quick update...
Gary Winiger wrote:
>
>> 2. Has all of the C source code delivered by the project been verified to
>> be lint clean using the -errsecurity=core (default) setting?
>
> What about GCC?
There does not appear to be a direct match with the GCC suite of tools.
From some of my initial testing, it may very well be that the following
options are the best we can do:
-Wall -Wformat -Wformat-nonliteral -Wformat-security
Still looking into this a little more to see what options we have for
those compiling with GCC. I did also see this:
http://users.bestweb.net/~ctips/tip069.html
Perhaps these are other options that we could recommend... Lastly,
I found this at OpenSolaris:
If you do not have Studio tools installed, you will need to override
the definitions for LINT. You can do this by setting LINT to
$(ONBLD_TOOLS)/bin/fake-lint. You will also have to use make rather
than dmake if you build manually, and should not use nightly's 'd'
option.
See: http://www.opensolaris.org/os/community/tools/gcc/build_instr
What do you think?
g
--
Glenn Brunette
Distinguished Engineer
Director, GSS Security Office
Sun Microsystems, Inc.
