Fedora Will Better Secure Its Packages
Written by Michael Larabel in Fedora on 28 November 2013 at 12:25 AM EST. 1 Comment
The Fedora Engineering and Steering Committee (FESCo) has voted in favor of making a change to its packaging system that affects the compiler flags for how the RPM packages are built and will further improve the security of Fedora packages.

The change approved at Wednesday's FESCo meeting is around the Format Security feature and involves adding the "-Werror=format-security" compilation flag for all packages in the Fedora repository.

With "-Werror=format-security" set, the GNU Compiler Collection will treat code that's vulnerable to a string format security flaw as a compiler error and fail to build the package. New potential security issues are now prevented from building and entering the Fedora repository, but the upstream code now has to be more careful and ensure they treat handling their strings accordingly.

The Fedora Wiki says there are around 400 packages that will run into problems if this compiler flag is enabled. Yesterday's FESCo meeting minutes notes "AGREED: Give the go-ahead to mass-file bugs (+5,-0,0)" in regards to enabling the "-Werror=format-security" feature of GCC.
About The Author
Author picture

Michael Larabel is the principal author of Phoronix.com and founded the web-site in 2004 with a focus on enriching the Linux hardware experience and being the largest web-site devoted to Linux hardware reviews, particularly for products relevant to Linux gamers and enthusiasts but also commonly reviewing servers/workstations and embedded Linux devices. Michael has written more than 10,000 articles covering the state of Linux hardware support, Linux performance, graphics hardware drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated testing software. He can be followed via Twitter or contacted via MichaelLarabel.com.

Related Fedora News
Popular News
Trending Reviews & Featured Articles