[hardening-discuss] Bug#587358: Bug#587358: hardening-wrapper: should -Werror=format and -Werror=format-security be set too?
Kees Cook
kees at debian.org
Sun Jun 27 21:05:05 UTC 2010
On Sun, Jun 27, 2010 at 03:25:54PM -0500, Raphael Geissert wrote:
> I think that people who use the wrapper (or the makefile fragments) would be
> happy if the compilation aborted in case -Wformat or -Wformat-security led to
> a warning.
> If -Werror is not used then somebody has to dig in the build logs to find the
> warnings, so I think it would be better if -Werror=format and -Werror=format-
> security are passed too.
>
> What do you think?
I think -Werror=format-security would be a good idea. I'm not sure
about -Werror=format, though, since -Wformat produces a LOT of noise
for things that frequently don't matter.
Let's start with -Werror=format-security and see how that goes first, and
then move on from there.
-Kees
--
Kees Cook @debian.org
More information about the hardening-discuss
mailing list