diff options
author | Joshua Lock <joshua.g.lock@intel.com> | 2016-04-28 14:27:44 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-05-06 10:30:55 +0100 |
commit | f335f8e744fb312b3eb599c331d08a9a6e5a8ff8 (patch) | |
tree | 4c743f6318402647ff6358fd93941aa253dbe39b /meta/conf/distro | |
parent | 30acc7a6b9e6d1c42ba1df6e5a362d10b43cb4eb (diff) | |
download | openembedded-core-f335f8e744fb312b3eb599c331d08a9a6e5a8ff8.tar.gz openembedded-core-f335f8e744fb312b3eb599c331d08a9a6e5a8ff8.tar.bz2 openembedded-core-f335f8e744fb312b3eb599c331d08a9a6e5a8ff8.zip |
security_flags: turn potential string format security issues into an error
Add "-Wformat -Wformat-security -Werror=format-security" to the default
SECURITY_CFLAGS to catch potential security vulnerabilities due to the
misuse of various string formatting functions.
These flags are widely used in distributions such as Fedora and Ubuntu,
however we have 15 recipes in OE-Core which fail to build with these
flags included and thus the flags are removed for:
- busybox
- console-tools
- cmake
- expect
- gcc
- gettext
- kexec-tools
- leafpad
- libuser
- ltp
- makedevs
- oh-puzzles
- stat
- unzip
- zip
[YOCTO #9488]
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/conf/distro')
-rw-r--r-- | meta/conf/distro/include/security_flags.inc | 24 |
1 files changed, 22 insertions, 2 deletions
diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc index ff5f34e3a3..5755d28104 100644 --- a/meta/conf/distro/include/security_flags.inc +++ b/meta/conf/distro/include/security_flags.inc @@ -9,8 +9,11 @@ # -O0 which then results in a compiler warning. lcl_maybe_fortify = "${@base_conditional('DEBUG_BUILD','1','','-D_FORTIFY_SOURCE=2',d)}" -SECURITY_CFLAGS ?= "-fstack-protector-strong -pie -fpie ${lcl_maybe_fortify}" -SECURITY_NO_PIE_CFLAGS ?= "-fstack-protector-strong ${lcl_maybe_fortify}" +# Error on use of format strings that represent possible security problems +SECURITY_STRINGFORMAT ?= "-Wformat -Wformat-security -Werror=format-security" + +SECURITY_CFLAGS ?= "-fstack-protector-strong -pie -fpie ${lcl_maybe_fortify} ${SECURITY_STRINGFORMAT}" +SECURITY_NO_PIE_CFLAGS ?= "-fstack-protector-strong ${lcl_maybe_fortify} ${SECURITY_STRINGFORMAT}" SECURITY_LDFLAGS ?= "-fstack-protector-strong -Wl,-z,relro,-z,now" SECURITY_X_LDFLAGS ?= "-fstack-protector-strong -Wl,-z,relro" @@ -92,6 +95,23 @@ SECURITY_CFLAGS_pn-zlib = "${SECURITY_NO_PIE_CFLAGS}" SECURITY_CFLAGS_pn-ltp = "${SECURITY_NO_PIE_CFLAGS}" SECURITY_CFLAGS_pn-pulseaudio = "${SECURITY_NO_PIE_CFLAGS}" +# Recipes which fail to compile when elevating -Wformat-security to an error +SECURITY_STRINGFORMAT_pn-busybox = "" +SECURITY_STRINGFORMAT_pn-console-tools = "" +SECURITY_STRINGFORMAT_pn-cmake = "" +SECURITY_STRINGFORMAT_pn-expect = "" +SECURITY_STRINGFORMAT_pn-gcc = "" +SECURITY_STRINGFORMAT_pn-gettext = "" +SECURITY_STRINGFORMAT_pn-kexec-tools = "" +SECURITY_STRINGFORMAT_pn-leafpad = "" +SECURITY_STRINGFORMAT_pn-libuser = "" +SECURITY_STRINGFORMAT_pn-ltp = "" +SECURITY_STRINGFORMAT_pn-makedevs = "" +SECURITY_STRINGFORMAT_pn-oh-puzzles = "" +SECURITY_STRINGFORMAT_pn-stat = "" +SECURITY_STRINGFORMAT_pn-unzip = "" +SECURITY_STRINGFORMAT_pn-zip = "" + TARGET_CFLAGS_append_class-target = " ${SECURITY_CFLAGS}" TARGET_LDFLAGS_append_class-target = " ${SECURITY_LDFLAGS}" |