Date: Mon, 7 Aug 2017 15:18:00 -0700
From: Kees Cook <keescook@...omium.org>
To: Vaishali Thakkar <vaishali.thakkar@...cle.com>
Cc: Rasmus Villemoes <linux@...musvillemoes.dk>, Laura Abbott <labbott@...hat.com>, 
	"kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>
Subject: Re: Re: Format string gcc-plugin?

On Mon, Aug 7, 2017 at 3:06 PM, Vaishali Thakkar
<vaishali.thakkar@...cle.com> wrote:
> I was recently looking at gcc's -Wformat-security and realized that there is
> a TODO point on KSPP's wiki page regarding fixing it for const
> strings.
>
> I was wondering that maybe we can also try Coccinelle for the type checking
> of %pX extensions? Is there any work done or is someone working on this
> after this discussion?
>
> I'm not sure what is a preferable way over here [GCC plugin or Coccinelle
> scripts] but if no one is working on this then I would like to give it a try.
> Any comments on the same are welcome.

I would prefer a gcc plugin just because that could be enabled for the
regular build (whereas a Coccinelle check is a separate build type).
Also I think a gcc plugin would allow for better control of the
checks, since it will actually be in the middle of constructing the
actual instructions and variables, etc. Coccinelle has to guess
sometimes.

-Kees

-- 
Kees Cook
Pixel Security
