About Ubuntu security

Kees Cook kees at ubuntu.com
Wed Aug 1 01:02:16 UTC 2007

On Tue, Jul 31, 2007 at 04:39:31PM -0700, Ng, Cheon-woei wrote:
> Another security option mentioned to me is to compile applications with
> this option: -D_FORTIFY_SOURCE=2.  

Correct (though it requires -O2 or higher too).  This solves another
class of sprintf-instead-of-snprintf bugs, by letting the compiler call
the size-limiting versions of functions when it knows the size of a
target buffer.  For example, this code:

int func(char *input)
    char buf[80];

    sprintf(buf,"stuff: %s\n",input);

is turned (at compile time) into:

int func(char *input)
    char buf[80];

    snprintf(buf,80,"stuff: %s\n",input);  /* this is now snprintf */

> Is this option part of gcc in Ubuntu?   

This needs to be changed on a per-package basis in Ubuntu at the moment,
but there are plans to create a more centralized set of compile-time
options when building the archive.  Some of the discussion is here:


Kees Cook
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-server/attachments/20070731/36c00de4/attachment.pgp>

More information about the ubuntu-server mailing list