[Openvas-distro] Hardening OpenVAS
Stephan Kleine
bitdealer at gmail.com
Wed Aug 19 21:30:40 CEST 2009
On Wed, Aug 19, 2009 at 8:54 PM, Tim Brown<timb at openvas.org> wrote:
> On Wednesday 19 August 2009 16:25:52 Stephan Kleine wrote:
>
>> I would love it if you fix your code to comply with those. E.g.
>> Mandriva 2009.1 uses "-Werror=format-security" by default and
>> currently all builds for it are broken (see
>> http://wald.intevation.org/tracker/index.php?func=detail&aid=1051&group_id=29&atid=220 )
>
> Curious, that builds fine for me on Debian using the same flags... didn't get
> a similar error.... In fact, the latest versions of all key modules build
> fine.
No, they are as broken as they ever were (regarding this issue).
Please correct me if I am wrong but Debian uses "-Wformat-security"
while Mandriva uses "-Werror=format-security" so Debian just prints a
warning and moves on while Mandriva bails, right? (so, imho the Debian
approach is kinda half assed)
> Looks like Felix's patch (in the bug report) which is in trunk and
> current releases does the trick in the first case.
That patch is unrelated (it merely replaces g_strdup_printf with
g_strdup since that made no sense there anyways).
> The later cases you report
> are a bug^Wfeature in gcc IMO. It does not appear that gcc is able to
> determine that the format string is generated by GNU gettext and therefore
> throws a wobbly. Not sure how to resolve, so if anyone else has thoughts I'd
> be pleased to hear them. *wanders over to gcc on FreeNode*
Dunno if that also could be a Mandriva gcc bug but I kinda doubt it
since it also compiles their whole distro just fine and therefore I
consider my warning vs. error theory more likely ;D
iow: try to compile on Debian with "-Werror=format-security" instead
of "-Wformat-security" and see if that works since just generating a
few more warnings in the build log is kinda pointless if you ask me.
Cheers,
Stephan.
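
Added example, not part of the original message or of the OpenVAS code: the call shape that "-Wformat-security" reports (and "-Werror=format-security" turns into a build failure), next to two forms that pass. tr() is a hypothetical stand-in for gettext's _(), and the messages are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for gettext's _(). format_arg(1) tells the
 * compiler the result is a translation of argument 1, so a call that
 * uses it as a format is checked against the literal msgid. */
static const char *tr(const char *msgid) __attribute__((format_arg(1)));
static const char *tr(const char *msgid) { return msgid; }

/* Reported by -Wformat-security when msg is not a literal:
 *     snprintf(buf, len, msg);
 * The format is not a string literal and there are no format arguments,
 * so any '%' in msg would be interpreted as a conversion. */

/* Message without arguments: pass it as data behind a literal "%s". */
int show_plain(char *buf, size_t len, const char *msg)
{
    return snprintf(buf, len, "%s", tr(msg));
}

/* Message with arguments: keep the msgid a literal so the argument
 * list can be checked against it at compile time. */
int show_count(char *buf, size_t len, int hosts)
{
    return snprintf(buf, len, tr("Scanned %d hosts"), hosts);
}

int main(void)
{
    char buf[64];

    /* Constructed input: '%' sequences must come out unchanged. */
    show_plain(buf, sizeof buf, "100% done, %s %n");
    puts(buf);
    show_count(buf, sizeof buf, 3);
    puts(buf);
    return 0;
}
```

Building this with "-Wformat -Werror=format-security" is the check suggested in the message above for finding the remaining call sites.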