[oe-commits] [openembedded-core] 10/31: security_flags: turn potential string format security issues into an error

[git at git.openembedded.org]

rpurdie pushed a commit to branch master-next
in repository openembedded-core.

commit 672e2231a1c7d1ee8957f0e53c66c75db45a7a07
Author: Joshua Lock <joshua.g.lock at intel.com>
AuthorDate: Thu Apr 28 14:27:44 2016 +0100

    security_flags: turn potential string format security issues into an error
    
    Add "-Wformat -Wformat-security -Werror=format-security" to the default
    SECURITY_CFLAGS to catch potential security vulnerabilities due to the
    misuse of various string formatting functions.
    
    These flags are widely used in distributions such as Fedora and Ubuntu,
    however we have 15 recipes in OE-Core which fail to build with these
    flags included and thus the flags are removed for:
    - busybox
    - console-tools
    - cmake
    - expect
    - gcc
    - gettext
    - kexec-tools
    - leafpad
    - libuser
    - ltp
    - makedevs
    - oh-puzzles
    - stat
    - unzip
    - zip
    
    [YOCTO #9488]
    
    Signed-off-by: Joshua Lock <joshua.g.lock at intel.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
---
 meta/conf/distro/include/security_flags.inc | 24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)

diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc
index ff5f34e..5755d28 100644
--- a/meta/conf/distro/include/security_flags.inc
+++ b/meta/conf/distro/include/security_flags.inc
@@ -9,8 +9,11 @@
 # -O0 which then results in a compiler warning.
 lcl_maybe_fortify = "${@base_conditional('DEBUG_BUILD','1','','-D_FORTIFY_SOURCE=2',d)}"
 
-SECURITY_CFLAGS ?= "-fstack-protector-strong -pie -fpie ${lcl_maybe_fortify}"
-SECURITY_NO_PIE_CFLAGS ?= "-fstack-protector-strong ${lcl_maybe_fortify}"
+# Error on use of format strings that represent possible security problems
+SECURITY_STRINGFORMAT ?= "-Wformat -Wformat-security -Werror=format-security"
+
+SECURITY_CFLAGS ?= "-fstack-protector-strong -pie -fpie ${lcl_maybe_fortify} ${SECURITY_STRINGFORMAT}"
+SECURITY_NO_PIE_CFLAGS ?= "-fstack-protector-strong ${lcl_maybe_fortify} ${SECURITY_STRINGFORMAT}"
 
 SECURITY_LDFLAGS ?= "-fstack-protector-strong -Wl,-z,relro,-z,now"
 SECURITY_X_LDFLAGS ?= "-fstack-protector-strong -Wl,-z,relro"
@@ -92,6 +95,23 @@ SECURITY_CFLAGS_pn-zlib = "${SECURITY_NO_PIE_CFLAGS}"
 SECURITY_CFLAGS_pn-ltp = "${SECURITY_NO_PIE_CFLAGS}"
 SECURITY_CFLAGS_pn-pulseaudio = "${SECURITY_NO_PIE_CFLAGS}"
 
+# Recipes which fail to compile when elevating -Wformat-security to an error
+SECURITY_STRINGFORMAT_pn-busybox = ""
+SECURITY_STRINGFORMAT_pn-console-tools = ""
+SECURITY_STRINGFORMAT_pn-cmake = ""
+SECURITY_STRINGFORMAT_pn-expect = ""
+SECURITY_STRINGFORMAT_pn-gcc = ""
+SECURITY_STRINGFORMAT_pn-gettext = ""
+SECURITY_STRINGFORMAT_pn-kexec-tools = ""
+SECURITY_STRINGFORMAT_pn-leafpad = ""
+SECURITY_STRINGFORMAT_pn-libuser = ""
+SECURITY_STRINGFORMAT_pn-ltp = ""
+SECURITY_STRINGFORMAT_pn-makedevs = ""
+SECURITY_STRINGFORMAT_pn-oh-puzzles = ""
+SECURITY_STRINGFORMAT_pn-stat = ""
+SECURITY_STRINGFORMAT_pn-unzip = ""
+SECURITY_STRINGFORMAT_pn-zip = ""
+
 TARGET_CFLAGS_append_class-target = " ${SECURITY_CFLAGS}"
 TARGET_LDFLAGS_append_class-target = " ${SECURITY_LDFLAGS}"
 

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.