[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ubuntu-devel
Subject:    compiler errors with fread/fwrite and fortify source
From:       kees () ubuntu ! com (Kees Cook)
Date:       2009-03-24 16:59:16
Message-ID: 20090324165916.GU7237 () outflux ! net
[Download RAW message or body]

Hi Matthias,

On Tue, Mar 24, 2009 at 11:04:14AM +0100, Matthias Klose wrote:
> Our current practice to fix this in packages is to either turn of -Werror, or
> patch the sources to introduce a dummy variable.  Proposing to remove the
> attribute for fwrite/fwrite_unlocked for jaunty.

I have no objection to this, and discovered the uselessness of unchecked
fclose during my UDS demonstration (i.e. fwrite would succeed, but fclose
would fail).  fwrite warnings without fprintf, fclose, etc warnings is not
sensible, and covering all of those would be way too noisy.

-Kees

-- 
Kees Cook
Ubuntu Security Team


[prev in list] [next in list] [prev in thread] [next in thread]