Date: Mon, 13 May 2002 19:58:57 +0300
From: Peter Pentchev
To: Sam Leffler
Cc: "Carroll, D. (Danny)", Mitch Collinsworth, security@FreeBSD.ORG
Subject: Re: DHCPD bug
Message-ID: <20020513195857.J34169@straylight.oblivion.bg>

On Mon, May 13, 2002 at 08:54:35AM -0700, Sam Leffler wrote:
> > But my point is, maybe a simple sed or perl script run over the source
> > might yield other potential problems?
>
> NetBSD used gcc -Wformat (or whatever it is) to validate format
> strings against the varargs parameter lists.

So does FreeBSD, for the base system, if FORMAT_AUDIT is defined in the
Makefile - -Wnon-const-format and -Wno-format-extra-args are added to
CFLAGS, making gcc whine for the case of syslog(var) and
syslog("%s %s", var), respectively.

For the ports, though - I have tried exorcising the compiler warnings
from a couple of largish ports that I maintain, nothing to compare with
the size of KDE, GNOME, GCC, or even ISC-DHCP, and let me tell you, it is
no fun, no fun at all..

A little make(1) output postprocessor (or a simple fgrep run over the
make(1) output) could help things, if you are only looking for format
string misuse, but even then, it may not help a whole lot - the two
format warnings added to gcc only analyze calls to functions that have
been explicitly defined as being printf-like, and most programs out there
roll out their own logging functions, few (very few) of which are marked
as such.

So basically, yes, it could be done; no, I would not expect each and
every port maintainer to try for it. Come to think of it, I myself have
not tried for it until now; this might change, but then again, I maintain
neither the largest nor the most important ports, so it might be feasible
for me, but not for others.

G'luck,
Peter

-- 
Peter Pentchev	roam@ringlet.net	roam@FreeBSD.org
PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint	FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
Thit sentence is not self-referential because "thit" is not a word.
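Added example (not part of the original message, and not FreeBSD or ISC-DHCP code): a hand-rolled logging function marked printf-like with GCC's `format` attribute, so the compiler's format warnings reach its call sites as the message describes. The names `PRINTFLIKE`, `app_log`, `log_hostname`, `app_log_last` and the sample string are assumptions made for this illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical hand-rolled logger of the kind many ports carry.
 * The attribute says argument 2 is a printf-style format and the
 * variadic arguments start at 3, so -Wformat (plus -Wformat-security
 * on current GCC/Clang) checks every call site.  FreeBSD's
 * <sys/cdefs.h> offers __printflike() for the same purpose. */
#if defined(__GNUC__)
#define PRINTFLIKE(fmtarg, firstvararg) \
    __attribute__((format(printf, fmtarg, firstvararg)))
#else
#define PRINTFLIKE(fmtarg, firstvararg)
#endif

static char last_line[256];   /* last formatted message, kept for inspection */

int app_log(int level, const char *fmt, ...) PRINTFLIKE(2, 3);

int app_log(int level, const char *fmt, ...)
{
    char body[200];
    va_list ap;

    va_start(ap, fmt);
    vsnprintf(body, sizeof(body), fmt, ap);   /* truncates, never overflows */
    va_end(ap);
    return snprintf(last_line, sizeof(last_line), "<%d> %s", level, body);
}

/* Log a string that came from outside the program (e.g. a DHCP option). */
int log_hostname(const char *untrusted)
{
    /* BAD, and diagnosed only because app_log is marked printf-like:
     *     return app_log(3, untrusted);
     * GOOD: constant format string, data passed as an argument. */
    return app_log(3, "client hostname: %s", untrusted);
}

const char *app_log_last(void) { return last_line; }

int main(void)
{
    log_hostname("evil%s%s%n");               /* constructed sample input */
    puts(app_log_last());
    return 0;
}
```

Without the `PRINTFLIKE(2, 3)` declaration the commented-out BAD call compiles silently, which is the gap in coverage for unmarked logging wrappers that the message points out.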