On Tue, 2009-04-21 at 08:36 -0500, Dick Hollenbeck wrote:
> Dick Hollenbeck wrote:
> > Zach Welch wrote:
> >
> >> Hi all,
> >>
> >> This patch fixes several warnings caused by -Wformat-security, which
> >> appears to be the default in Ubuntu 8.10.
> >> [snip]
> > The original code looks fine to me. I think you are chasing ghosts on
> > this patch. The bug is in the compiler, or the choice to use the warning.
[snip]
> No, I am wrong. I understand the risk it is warning about. I took no
> time to understand what "line" was.

No worries. These days, I think it is very hard to be smarter than the GCC C compiler, as there has been a lot of pressure to make it produce more meaningful warnings.

So others understand, the problem lies in the fact that the "line" may be populated from an external source. An attacker might have been able to feed OpenOCD cleverly-crafted input such that it contained format sequences that will get interpreted. These would invariably cause the underlying printf function to act badly, perhaps in an exploitable way. As OpenOCD listens on multiple network ports, this is not an idle consideration, though the same issues might have been exposed and problematic even in local contexts.

While this patch hardly makes the system "secure," it is one reasonable measure that protects the system from this particular attack vector. I think the lesson is "learn to love (or live with) -Wformat-security."

That's my story, and I'm sticking to it (unless otherwise enlightened).

Cheers,

Zach
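
Added example, not part of the original message and not OpenOCD's code: the pattern that -Wformat-security flags, beside the usual fix of passing the untrusted text as an argument to a literal "%s" format. The names `log_line` and `count_conversions` and the sample input are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Count the conversion specifications printf would act on if `s` were used
 * as the format string. "%%" is a literal percent and consumes no argument. */
size_t count_conversions(const char *s)
{
    size_t n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {      /* escaped percent: skip both characters */
            s++;
            continue;
        }
        if (s[1] == '\0')       /* lone trailing '%': nothing follows it */
            break;
        n++;
    }
    return n;
}

/* Hardened form: the format is a string literal and `line` is only data.
 * The flagged pattern would have been:  snprintf(out, outsz, line);
 * where every '%' sequence in `line` is interpreted against arguments
 * that were never passed. */
int log_line(char *out, size_t outsz, const char *line)
{
    return snprintf(out, outsz, "%s", line);
}

int main(void)
{
    /* Constructed sample of text arriving from an external source. */
    const char *line = "reg r0 %x%x%n";
    char buf[64];

    int written = log_line(buf, sizeof buf, line);
    printf("conversions the text would trigger as a format: %zu\n",
           count_conversions(line));
    printf("logged verbatim (%d of %zu bytes): %s\n",
           written, strlen(line), buf);
    return 0;
}
```

Building the flagged pattern with `gcc -Wformat -Wformat-security` produces the "format not a string literal and no format arguments" warning that the patch addresses.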