On Tue, Jul 31, 2007 at 04:39:31PM -0700, Ng, Cheon-woei wrote:
> Another security option mentioned to me is to compile applications with
> this option: -D_FORTIFY_SOURCE=2.
Correct (though it requires -O2 or higher too). This solves another
class of sprintf-instead-of-snprintf bugs, by letting the compiler call
the size-limiting versions of functions when it knows the size of a
target buffer. For example, this code:

    #include <stdio.h>

    int func(char *input)
    {
        char buf[80];
        sprintf(buf, "stuff: %s\n", input); /* no bound on the write into buf */
        printf("%s", buf);
        return 0;
    }

is turned (at compile time) into:

    int func(char *input)
    {
        char buf[80];
        snprintf(buf, 80, "stuff: %s\n", input); /* this is now snprintf */
        printf("%s", buf);
        return 0;
    }

> Is this option part of gcc in Ubuntu?
This needs to be changed on a per-package basis in Ubuntu at the moment,
but there are plans to create a more centralized set of compile-time
options when building the archive. Some of the discussion is here:
https://lists.ubuntu.com/archives/ubuntu-devel/2007-May/023597.html
-Kees
--
Kees Cook
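
Added example, not part of the original message and not code from Kees Cook or Ubuntu: a hand-written bounded version of the message's func() that also checks snprintf's return value, so truncation is detected instead of passing silently. The names bounded_format, func_bounded and the fmt_result codes are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 80  /* same size as buf[] in the message's func() */

/* Result codes are this example's own, not part of any library. */
enum fmt_result { FMT_OK = 0, FMT_TRUNCATED = 1, FMT_ERROR = -1 };

/*
 * Format "stuff: <input>\n" into dst without ever writing past dstsize.
 * snprintf returns the length the full output would have had, so a
 * return value >= dstsize means the output was cut short.
 */
static enum fmt_result bounded_format(char *dst, size_t dstsize, const char *input)
{
    int needed;

    if (dst == NULL || dstsize == 0 || input == NULL)
        return FMT_ERROR;

    needed = snprintf(dst, dstsize, "stuff: %s\n", input);
    if (needed < 0)
        return FMT_ERROR;
    if ((size_t)needed >= dstsize)
        return FMT_TRUNCATED;   /* dst holds dstsize-1 bytes plus the NUL */
    return FMT_OK;
}

/* Hardened form of func(): the destination size travels with the buffer. */
int func_bounded(const char *input)
{
    char buf[BUF_SIZE];
    enum fmt_result r = bounded_format(buf, sizeof buf, input);

    if (r == FMT_OK)
        printf("%s", buf);      /* only print output that fit completely */
    return r;
}

int main(void)
{
    char long_input[200];       /* constructed input, longer than buf */
    memset(long_input, 'A', sizeof long_input - 1);
    long_input[sizeof long_input - 1] = '\0';

    printf("short: %d\n", func_bounded("hello"));
    printf("long:  %d\n", func_bounded(long_input));
    return 0;
}
```

With the fixed prefix and newline taking 8 bytes, an input of up to 71 characters fits in the 80-byte buffer; anything longer is reported as FMT_TRUNCATED.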
