Bug 14334 - [enhancement] Extend FORTIFY_SOURCE protection to other functions which accept formatted string argument
Summary: [enhancement] Extend FORTIFY_SOURCE protection to other functions which acce...
Status: NEW
Alias: None
Product: glibc
Classification: Unclassified
Component: libc (show other bugs)
Version: unspecified
: P2 enhancement
Target Milestone: ---
Assignee: Not yet assigned to anyone
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-07-06 09:43 UTC by Huzaifa Sidhpurwala
Modified: 2018-01-24 17:38 UTC (History)
2 users (show)

See Also:
Host:
Target:
Build:
Last reconfirmed:
fweimer: security-


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Huzaifa Sidhpurwala 2012-07-06 09:43:20 UTC
A lot of projects use functions like warn() etc, which accept printf()-like format string arguments, but are not protected by FORTIFY_SOURCE.

I know a more likely solution would be to educate the developer to use other protected functions, but it would be really nice if we could extend FORTIFY_SOURCE to protect more functions.

Thanks.