Oracle® Solaris Studio 12.4: C User's Guide

Updated: March 2015

4.3.13 -errsecurity=level

Use the -errsecurity option to have the compiler warn about source code constructs that are known to be unsafe or difficult to verify, such as caller-controlled format strings, unbounded string handling and file creation that can be hijacked through the file system. level selects how strict the check is.

level must be one of the values shown in the following table.

Table 4-5  The -errsecurity Flags (each level value is followed by its meaning)

core
This level checks for source code constructs that are almost always either unsafe or difficult to verify. Checks at this level include:
  • Use of a variable (non-literal) format string with the printf() and scanf() families of functions

  • Use of the unbounded %s conversion (no field width) with the scanf() family of functions

  • Use of functions that have no safe usage: gets(), cftime(), ascftime(), creat()

  • Incorrect use of open() with O_CREAT, for example creating a file without O_EXCL, so that an existing file or symbolic link at that path is opened instead of a new file being created

    Treat source code that produces warnings at this level as a bug and change it. In all cases a straightforward safer alternative is available.
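The following C is an added example and not code from the Solaris Studio manual. It places each core-level construct, quoted in a comment, beside the safer replacement the text says is always available. The function names log_user, parse_name, read_line and create_exclusive are assumptions made for the example; the flagged forms are kept in comments so that the file itself contains none of them.

```c
/* Core-level constructs and their replacements. Added example, not from
 * the Solaris Studio manual; log_user, parse_name, read_line and
 * create_exclusive are illustrative names, not library functions. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Flagged form: snprintf(out, n, user);  the caller chooses the format,
 * so a name such as "%x%x%n" reads the stack or writes memory.
 * Replacement: the format is a literal and the user string is data.
 * Returns what snprintf returns (length of the full message). */
int log_user(char *out, size_t n, const char *user)
{
    return snprintf(out, n, "Login by %s", user);
}

/* Flagged form: sscanf(in, "%s", name);  no bound, so a long token
 * overflows name. Replacement: a field width one less than the buffer
 * size leaves room for the terminating NUL. Returns the number of
 * characters stored, or -1 when no token was found. */
#define NAME_MAX_CHARS 15
#define STR_(x) #x
#define STR(x) STR_(x)
int parse_name(const char *in, char name[NAME_MAX_CHARS + 1])
{
    if (sscanf(in, "%" STR(NAME_MAX_CHARS) "s", name) != 1)
        return -1;
    return (int)strlen(name);
}

/* Flagged form: gets(buf);  gets() cannot be told the buffer size.
 * Replacement: fgets() with the size, newline stripped. Returns 1 for a
 * complete line, 0 when the line did not fit (the rest is still in the
 * stream) or ended without a newline, -1 at end of file. */
int read_line(FILE *fp, char *buf, size_t n)
{
    if (fgets(buf, (int)n, fp) == NULL)
        return -1;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return 1;
    }
    return 0;
}

/* Flagged form: creat(path, mode) or open(path, O_WRONLY | O_CREAT, mode);
 * if something already exists at path, including a symbolic link planted
 * by another user, it is opened (and, with creat(), truncated).
 * Replacement: O_EXCL makes open() fail with EEXIST unless it created the
 * file itself, and the explicit mode keeps the file private.
 * Returns the descriptor, or -1 with errno set. */
int create_exclusive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
}
```

The return-value conventions matter as much as the calls: read_line reports a line that did not fit instead of silently splitting it, and create_exclusive leaves EEXIST in errno so the caller can distinguish "someone got there first" from other failures rather than retrying blindly.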

standard
This level includes all checks from the core level plus constructs that might be safe but have better alternatives available. This level is recommended when checking newly written code. Additional checks at this level include:
  • Use of string copy functions other than strlcpy(), such as strcpy() or strcat()

  • Use of weak random number functions, such as rand()

  • Use of unsafe functions to generate temporary files, such as tmpnam() or mktemp(), which return a name rather than an open file

  • Use of fopen() to create files (fopen() cannot request exclusive creation or set an explicit file mode)

  • Use of functions that invoke the shell, such as system() and popen()

    Replace source code that produces warnings at this level when writing new code or significantly modifying existing code. In legacy code, balance fixing these warnings against the risk of destabilizing the application.
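The following C is an added example and not code from the Solaris Studio manual. It shows the standard-level replacements: strlcpy semantics with truncation detection, a temporary file created atomically with mkstemp() rather than named and then fopen()ed, random bytes from the kernel generator instead of rand(), and a child started with execve() and an argv array instead of system(). The names bounded_copy, make_temp_file, fill_random and run_argv are assumptions for the example, and bounded_copy is written out rather than calling strlcpy() only because not every libc provides it (Solaris and the BSDs do).

```c
/* Standard-level constructs and their replacements. Added example, not
 * from the Solaris Studio manual; bounded_copy, make_temp_file,
 * fill_random and run_argv are illustrative names. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Flagged forms: strcpy(), strcat(), sprintf("%s") have no bound, and
 * strncpy() can leave dst without a NUL. Replacement: strlcpy semantics.
 * Always terminates dst when n > 0 and returns strlen(src), so the caller
 * detects truncation with (ret >= n). */
size_t bounded_copy(char *dst, size_t n, const char *src)
{
    size_t len = strlen(src);
    if (n > 0) {
        size_t take = len < n - 1 ? len : n - 1;
        memcpy(dst, src, take);
        dst[take] = '\0';
    }
    return len;
}

/* Flagged forms: tmpnam()/mktemp() then fopen(name, "w"); between the two
 * calls another user can plant a symlink at the predicted name, and
 * fopen() creates with the umask rather than a chosen mode.
 * Replacement: mkstemp() creates the file atomically with O_EXCL and
 * mode 0600, and the stream is built from that open descriptor.
 * tmpl must end in XXXXXX and is overwritten with the real name. */
FILE *make_temp_file(char *tmpl)
{
    int fd = mkstemp(tmpl);
    if (fd < 0)
        return NULL;
    FILE *fp = fdopen(fd, "w+");
    if (fp == NULL)
        close(fd);
    return fp;
}

/* Flagged forms: rand(), random(), drand48(); their state is recoverable
 * from a few outputs and they are usually seeded from time().
 * Replacement: read the kernel CSPRNG. /dev/urandom is the portable
 * route; arc4random() or getrandom() are equivalent where available.
 * Returns 0 on success, -1 on failure. */
int fill_random(unsigned char *buf, size_t n)
{
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0)
        return -1;
    size_t got = 0;
    while (got < n) {
        ssize_t r = read(fd, buf + got, n - got);
        if (r <= 0) {
            close(fd);
            return -1;
        }
        got += (size_t)r;
    }
    close(fd);
    return 0;
}

/* Flagged forms: system() and popen() hand the command line to /bin/sh,
 * so any metacharacter in user data ("; rm -rf ~") becomes a command.
 * Replacement: fork() and execve() with an explicit path, an argv array
 * (each element stays exactly one argument) and a chosen environment.
 * Returns the child's exit status, or -1. */
int run_argv(const char *path, char *const argv[], char *const envp[])
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execve(path, argv, envp);
        _exit(127);  /* only reached if exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

The run_argv call is the one to study: an argument that would be a second command under system() is delivered to the program verbatim, and the environment passed in is the only one the child sees, so PATH and locale variables from an untrusted caller do not leak into it.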

extended
This level contains the most complete set of checks, including everything from the core and standard levels. In addition, warnings are generated about constructs that may be unsafe in some situations. The checks at this level are useful as an aid in reviewing code, but need not be used as a standard with which acceptable source code must comply. Additional checks at this level include:
  • Calls to getc() or fgetc() inside a loop, typically a character-at-a-time read into a fixed-size buffer with no bound check

  • Use of functions prone to pathname race conditions, where a check on a pathname is followed by a second operation on the same name, which may by then refer to a different object

  • Use of the exec() family of functions

  • Race conditions between stat() and other functions, for example a stat() result used to decide whether to open() the same path

    Review source code that produces warnings at this level to determine whether the potential security issue is actually present.
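The following C is an added example and not code from the Solaris Studio manual. It shows the two extended-level patterns that most often turn out to be real bugs on review: a stat()-then-open() check replaced by open()-then-fstat() on the descriptor actually obtained, and a getc() loop that carries the buffer size and reports truncation instead of running off the end. The names open_regular_file and read_field are assumptions for the example.

```c
/* Extended-level constructs and their replacements. Added example, not
 * from the Solaris Studio manual; open_regular_file and read_field are
 * illustrative names. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Flagged form:
 *     if (stat(path, &st) == 0 && S_ISREG(st.st_mode))
 *         fd = open(path, O_RDONLY);
 * Between stat() and open() the name can be re-pointed (for example by
 * replacing it with a symlink) at a file the process can read but the
 * caller should not. Replacement: open first, refusing to follow a
 * symlink at the final component, then ask about the object that was
 * actually opened. Returns the descriptor, or -1 with errno set. */
int open_regular_file(const char *path)
{
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    struct stat st;
    if (fstat(fd, &st) != 0) {
        int e = errno;
        close(fd);
        errno = e;
        return -1;
    }
    if (!S_ISREG(st.st_mode)) {   /* directory, device, FIFO, socket */
        close(fd);
        errno = EINVAL;
        return -1;
    }
    return fd;
}

/* Flagged form:
 *     while ((c = getc(fp)) != delim) buf[i++] = c;
 * Nothing stops i at the end of buf. Replacement: the loop knows n,
 * stores at most n-1 characters, consumes the rest of the field and
 * reports that it was cut. Returns the number of characters stored,
 * or -1 at end of file before any character; *truncated is set when
 * the field did not fit. */
int read_field(FILE *fp, char *buf, size_t n, int delim, int *truncated)
{
    size_t i = 0;
    int c;
    *truncated = 0;
    if (n == 0)
        return -1;
    while ((c = getc(fp)) != EOF && c != delim) {
        if (i + 1 < n)
            buf[i++] = (char)c;
        else
            *truncated = 1;   /* keep consuming up to the delimiter */
    }
    buf[i] = '\0';
    if (c == EOF && i == 0)
        return -1;
    return (int)i;
}
```

open_regular_file also shows why the extended level is advisory: whether the stat()/open() window matters depends on whether an attacker can write to the directory in question, which is exactly the judgement the text asks the reviewer to make.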

%none
Disables all -errsecurity checks.

If you do not specify -errsecurity at all, the default is -errsecurity=%none. If you specify -errsecurity without an argument, the level defaults to -errsecurity=standard.