Hello

>My guess is that there is a compiler option that warns about format
>errors which is treated as an error because of another option and both
>are not activated in our default build but they are on the debian build.
>I thought it's a compiler version issue but my gcc 6 doesn't even warn
>me about this. The travis build uses gcc 4 I think.


yes,
>> arguments [-Werror=format-security]

this means that without that string formatter you can inject code into
the binary and fork e.g. a bash shell or anything you want.

I don't know why gcc doesn't turn this on by default, because it is a clear
and simple security issue.

https://www.owasp.org/index.php/Format_string_attack

G.
_______________________________________________
boinc_dev mailing list
boinc_dev@ssl.berkeley.edu
https://lists.ssl.berkeley.edu/mailman/listinfo/boinc_dev
To unsubscribe, visit the above URL and
(near bottom of page) enter your email address.
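As an added example (not code from this thread or from BOINC itself), here is the call pattern that -Werror=format-security rejects, beside the fixed form, plus a small check for untrusted strings; the function names and the sample input are constructed for illustration.

```c
/* Added example (not from the thread): the pattern -Wformat-security flags,
 * beside its fix, plus a small checker for untrusted strings. */
#include <stdio.h>
#include <string.h>

/* Unsafe: the untrusted string IS the format, so "%x" or "%n" inside it are
 * interpreted as directives. gcc -Wformat-security reports
 *   warning: format not a string literal and no format arguments
 * and -Werror=format-security (as in the Debian build) makes it fatal.
 *
 *   void greet_unsafe(const char *name) { printf(name); }   -- do not do this
 */

/* Safe: the format is a literal and the untrusted string is only an argument,
 * so "%" characters in it are printed verbatim. Returns the number of
 * characters that would be written (excluding the terminator), or a
 * negative value on error, exactly as snprintf does. */
int greet_safe(char *out, size_t outlen, const char *name)
{
    return snprintf(out, outlen, "Hello %s", name);
}

/* Defensive check: count conversion directives in a string. Useful in a test
 * or log filter to spot input that would be dangerous if it ever reached a
 * printf-family format slot. "%%" is a literal percent and is not counted. */
int count_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {   /* escaped percent, skip both characters */
            s++;
            continue;
        }
        n++;
    }
    return n;
}

int main(void)
{
    char buf[64];
    const char *hostile = "%x %x %n";     /* constructed sample input */
    greet_safe(buf, sizeof buf, hostile);
    printf("%s\n", buf);                  /* prints: Hello %x %x %n */
    printf("directives: %d\n", count_directives(hostile));  /* prints 3 */
    return 0;
}
```

Compile with `gcc -Wall -Wformat -Wformat-security` to see the warning on the commented unsafe form; the safe form compiles clean.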
