4.3.13 -errsecurity=level
Use the -errsecurity option to check your code for security loopholes.
level must be one of the values shown in the following table.
Table 4-5 The -errsecurity Flags

core
This level checks for source code constructs that are almost always either unsafe or difficult
to verify. Checks at this level include:
- Use of variable format strings with the printf() and scanf() family of functions
- Use of unbounded string (%s) formats in scanf() functions
- Use of functions with no safe usage: gets(), cftime(), ascftime(), creat()
- Incorrect use of open() with O_CREAT
Consider source code that produces warnings at this level to be a bug. The source code in
question should be changed. In all cases, straightforward safer alternatives are available.

standard
This level includes all checks from the core level plus constructs that might be safe but have
better alternatives available. This level is recommended when checking newly written code.
Additional checks at this level include:
- Use of string copy functions other than strlcpy()
- Use of weak random number functions
- Use of unsafe functions to generate temporary files
- Use of fopen() to create files
- Use of functions that invoke the shell
Replace source code that produces warnings at this level with new or significantly modified
code. Balance addressing these warnings in legacy code against the risks of destabilizing the
application.

extended
This level contains the most complete set of checks, including everything from the core and
standard levels. In addition, a number of warnings are generated about constructs that may be unsafe
in some situations. The checks at this level are useful as an aid in reviewing code, but need not be
used as a standard with which acceptable source code must comply. Additional checks at this level
include:
- Calls to getc() or fgetc() inside a loop
- Use of functions prone to pathname race conditions
- Use of the exec() family of functions
- Race conditions between stat() and other functions
Review source code that produces warnings at this level to determine whether the potential
security issue is present.

%none
Disables -errsecurity checks.

If you do not specify a setting for -errsecurity, lint sets it to -errsecurity=%none.
If you specify -errsecurity without an argument, lint sets it to -errsecurity=standard.
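
The core-level constructs listed in the table, each shown beside a safer form, as an added example that is not part of the original documentation. The function names and sample inputs are constructed for illustration, and reading "incorrect use of open() with O_CREAT" as a missing mode argument is an assumption.

```c
/* Added example: safer forms of the constructs the core level reports. */
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Flagged: printf(msg);  msg is interpreted as a format string.
 * Safer: constant format, caller data passed only as an argument. */
int format_message(char *out, size_t outsz, const char *msg)
{
    return snprintf(out, outsz, "%s", msg);
}

/* Flagged: sscanf(in, "%s", word);  no bound on the bytes stored.
 * Safer: explicit field width one less than the buffer size. */
int parse_word(const char *in, char word[16])
{
    return sscanf(in, "%15s", word);
}

/* Flagged: gets(line);  it cannot be told the buffer size.
 * Safer: fgets() with the size, then strip the newline. */
char *read_line(FILE *fp, char *line, size_t linesz)
{
    if (fgets(line, (int)linesz, fp) == NULL)
        return NULL;
    line[strcspn(line, "\n")] = '\0';
    return line;
}

/* Flagged: creat(path, ...), or (assumed) open(path, O_WRONLY | O_CREAT)
 * with the mode argument missing. Safer: explicit mode; O_EXCL is added
 * here so an existing file or symlink at path is refused. */
int create_private_file(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
}

int main(void)
{
    char out[32], word[16];
    format_message(out, sizeof out, "100%s done");      /* constructed input */
    parse_word("AAAAAAAAAAAAAAAAAAAAAAAA rest", word);  /* 24 bytes in, 15 kept */
    printf("%s | %s\n", out, word);
    return 0;
}
```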