Uncontrolled format string: Difference between revisions

Details: to take control of Instruction pointer (IP) of a process (described in a more detailed and technically form
Prevention: minor format change
Line 18:
== Prevention ==
 
Many compilers can statically check format strings and produce warnings for dangerous or suspect formats. In [[GNU Compiler Collection|the GNU Compiler Collection]], the relevant compiler flags are, <code>-Wall</code>,<code>-Wformat</code>, <code>-Wno-format-extra-args</code>, <code>-Wformat-security</code>, <code>-Wformat-nonliteral</code>, and <code>-Wformat=2</code>.<ref>[https://gcc.gnu.org/onlinedocs/gcc-4.1.2/gcc/Warning-Options.html#Warning-Options Warning Options - Using the GNU Compiler Collection (GCC)<!-- Bot generated title -->]</ref>
Many compilers can statically check format strings and produce warnings for dangerous or suspect formats.
 
In [[GNU Compiler Collection|the GNU Compiler Collection]], the relevant compiler flags are, <code>-Wall</code>,<code>-Wformat</code>, <code>-Wno-format-extra-args</code>, <code>-Wformat-security</code>, <code>-Wformat-nonliteral</code>, and <code>-Wformat=2</code>.<ref>[https://gcc.gnu.org/onlinedocs/gcc-4.1.2/gcc/Warning-Options.html#Warning-Options Warning Options - Using the GNU Compiler Collection (GCC)<!-- Bot generated title -->]</ref>
 
Most of these are only useful for detecting bad format strings that are known at compile-time. If the format string may come from the user or from a source external to the application, the application must validate the format string before using it. Care must also be taken if the application generates or selects format strings on the fly. If the GNU C library is used, the <code>-D_FORTIFY_SOURCE=2</code> parameter can be used to detect certain types of attacks occurring at run-time. The <code>-Wformat-nonliteral</code> check is more stringent.
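
Review bot: The added flags sentence still has a stray comma after "are" and no space between <code>-Wall</code>, and <code>-Wformat</code>. Since this revision is a formatting pass, both should be fixed here. The same list presents <code>-Wno-format-extra-args</code> as one of the relevant checks, but the "no-" form switches a format warning off, so it should be dropped from the list or described as a suppression. The cited reference is the GCC 4.1.2 manual; a link to the current Warning Options page would be better. In the unchanged paragraph that follows, the closing sentence "The <code>-Wformat-nonliteral</code> check is more stringent" comes straight after the <code>-D_FORTIFY_SOURCE=2</code> sentence and does not say what it is more stringent than. Now that the flag list has its own paragraph, that sentence would read better there, with the comparison stated.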