perl-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Niko Tyni <>
Subject Re: Bug#661540: libapache2-mod-perl2: FTBFS with hardening flags enabled: -Werror=format-security
Date Mon, 12 Mar 2012 14:26:30 GMT
On Mon, Mar 12, 2012 at 02:58:05PM +0100, Torsten Förtsch wrote:
> On Friday, 09 March 2012 22:50:33 Niko Tyni wrote:
> > The two usage warnings use constant strings so
> > they seem safe,
> They are safe since the "usage" variable is constant and does not contain any 
> %-sequences. I do not see the need to fix anything here. What do I miss?

The fact that gcc can't see this and so building with
-Werror=format-security fails. Consider that part of the patch as
silencing false positive warnings.

> > but I'm afraid I can't tell whether this is the case
> > for ERRSV in the mpxs_cleanup_run() phase.
> These occasions are fixed as of revision 1299669 as described in my previous 
> mail.


Can you think of a scenario where an attacker could inject format
sequences to ERRSV? That would make earlier releases vulnerable.
Niko Tyni

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message