diff options
author | Robin Gloster <mail@glob.in> | 2016-02-22 00:23:15 +0000 |
---|---|---|
committer | Robin Gloster <mail@glob.in> | 2016-02-22 00:23:15 +0000 |
commit | 911d22f88dd4b24230caa120cdaf8b02cf0eb427 (patch) | |
tree | 6e6299a1229d0542b1a8242900c7e5c835b7b443 /doc | |
parent | 5923f792e15ad4176980ebab6645af217300b102 (diff) |
nixpkgs docs: format hardening
Diffstat (limited to 'doc')
-rw-r--r-- | doc/stdenv.xml | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/doc/stdenv.xml b/doc/stdenv.xml index f8d9acb2fb0c7..0c2bb0339578a 100644 --- a/doc/stdenv.xml +++ b/doc/stdenv.xml @@ -1317,6 +1317,33 @@ in the default system locations.</para> </section> +<section xml:id="sec-hardening-in-nixpkgs"><title>Hardening in Nixpkgs</title> + +<para>By default some flags to harden packages at compile or link-time are set:</para> + +<variablelist> + + <varlistentry> + <term><varname>hardening_format</varname></term> + <listitem><para>Adds the <option>-Wformat -Wformat-security + -Werror=format-security</option> compiler options. At present, + this warns about calls to printf and scanf functions where the + format string is not a string literal and there are no format + arguments, as in <literal>printf(foo);</literal>. This may be + a security hole if the format string came from untrusted input + and contains <literal>%n</literal>.</para> + + <para>This needs to be turned off or fixed for errors similar to:</para> + + <programlisting> +/tmp/nix-build-zynaddsubfx-2.5.2.drv-0/zynaddsubfx-2.5.2/src/UI/guimain.cpp:571:28: error: format not a string literal and no format arguments [-Werror=format-security] + printf(help_message); + ^ +cc1plus: some warnings being treated as errors + </programlisting></listitem> + </varlistentry> +</variablelist> +</section> </chapter> |