[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Enabling compiler warning flags

From: Bob Friesenhahn
Subject: Re: Enabling compiler warning flags
Date: Wed, 19 Dec 2012 21:26:42 -0600 (CST)
User-agent: Alpine 2.01 (GSO 1266 2009-07-14)

On Wed, 19 Dec 2012, Jeffrey Walton wrote:

Surely it is better to leave this to OS distribution maintainers who
establish common rules for OS packages and ensure that options are applied
in a uniform and consistent manner.
I think your arguments make a lot of sense and I would like to agree with you.

Unfortunately, the folks at Red Hat provided a "proof by counter
example" with the recent MySQL 0-days
I would have expected Red Hat security folks to be on top of it,
especially with a high risk application such as a database that
accepts input from the network (some hand waiving since PHP is likely
in front of it).

I don't know anything about this vulnerability but your conclusion does not quite make sense. Software is evaluated for vulnerability at the source code level without consideration for the fortifications which were suggested.

I am suggesting that OS distributions know how to best fortify their systems and that fortification methods may vary with each OS release. This does not mean that application bugs should not be corrected.

Most of the the -z,blahblah options could be eliminated if the OS and toolchain were to arrange to do useful security things by default. They could do useful security things by default and flags could disable safeguards for rare code which needs to intentionally do the things guarded against.

Bob Friesenhahn
GraphicsMagick Maintainer,

reply via email to

[Prev in Thread] Current Thread [Next in Thread]