[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: dpkg man page 査読依頼 (20111030)

From: victory <victory.deb@xxxxxxxxx>
Subject: Re: dpkg man page 査読依頼 (20111030)
Date: Mon, 31 Oct 2011 14:03:53 +0900
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=date:from:to:subject:message-id:in-reply-to:references:x-mailer :mime-version:content-type:content-transfer-encoding; bh=YTsTHCOF1X/MPE81TspDU5Cuvyv2r6w0MhVWYJZ926Y=; b=azofHpi+zcDehlksazlTKUVhJzvqFSJ2+C+gvC6grx+N/E6CH7Cky/oQaEz84ldNWf JRG+5TBMnd2Jd0+DI43wQEM5soj0UnBZ6hyNL9X3LCLfQBiicLbzmrIgqCtEvebiQSil GeWSNojPffiLaqkzYBX8l+7TxfVttCKhN1zzM=
List-help: <mailto:debian-doc-ctl@debian.or.jp?body=help>
List-id: debian-doc.debian.or.jp
List-owner: <mailto:debian-doc-admin@debian.or.jp>
List-post: <mailto:debian-doc@debian.or.jp>
List-software: fml [fml 4.0.3 release (20011202/4.0.3)]
List-unsubscribe: <mailto:debian-doc-ctl@debian.or.jp?body=unsubscribe>
X-ml-info: If you have a question, send e-mail with the body "help" (without quotes) to the address debian-doc-ctl@debian.or.jp; help=<mailto:debian-doc-ctl@debian.or.jp?body=help>
X-ml-name: debian-doc
X-mlserver: fml [fml 4.0.3 release (20011202/4.0.3)]; post only (only members can post)
X-spam-checker-version: SpamAssassin 3.2.5 (2008-06-10) on osdn.debian.or.jp
X-spam-level:
X-spam-status: No, score=-3.4 required=10.0 tests=KI,RCVD_IN_DNSWL_LOW autolearn=disabled version=3.2.5
References: <20111030.214537.74737305.monyo@xxxxxxxxx> <20111030130114.022A71A77E5@xxxxxxxxxxxxxxxxxxxx> <20111030.221743.41655709.monyo@xxxxxxxxx> <20111031.032846.74716727.monyo@xxxxxxxxx>
Message-id: <20111031140347.904e9b97.victory.deb@xxxxxxxxx>
X-mail-count: 07286
X-mailer: Sylpheed 3.1.1 (GTK+ 2.10.14; i686-pc-mingw32)

On Mon, 31 Oct 2011 03:28:47 +0900
TAKAHASHI Motonobu wrote:

> #. type: Plain text
> #: dpkg-buildflags.1:198
> msgid ""
> "This setting (enabled by default) adds B<-Wformat -Wformat-security -"
> "Werror=format-security> to B<CFLAGS> and B<CXXFLAGS>. This will warn about "
> "improper format string uses, and will fail when format functions are used in "
> "a way that that represent possible security problems. At present, this warns "
> "about calls to B<printf> and B<scanf> functions where the format string is "
> "not a string literal and there are no format arguments, as in B<printf(foo);"
> "> instead of B<printf(\"%s\", foo);> This may be a security hole if the "
> "format string came from untrusted input and contains \"%n\"."
> msgstr ""
> "この設定 (デフォルト有効) により、B<CFLAGS> および B<CXXFLAGS> に"
> " B<-Wformat -Wformat-security -Werror=format-security> が追加される。"
> "これにより、不適切なフォーマット文字列の使用に関する警告が行われ、"
> "フォーマット関数が潜在的にセキュリティ問題を引き起こすような使用をされて"
> "いる場合に処理を失敗させる。"

At present以降抜けてるぽい

> #. type: Plain text
> #: dpkg-buildflags.1:210
> "This is especially useful for old, crufty code.  Additionally, format "
> "strings in writable memory that contain '%n' are blocked. If an application "
> "depends on such a format string, it will need to be worked around."
> "これは、古い汚いコードには特に有用である。これに加えて、'%n' を含む、"
> "メモリに書き込みを行うフォーマット文字列が抑止される。アプリケーションが"
> "こうしたフォーマット文字列に依存している場合は、個別に対処する必要がある。"

これに加え、メモリに書き込みを行うフォーマット文字列に '%n' を含むものが抑止される

> #. type: Plain text
> #: dpkg-buildflags.1:222
> "vulnerabilities into denial of service or into non-issues (depending on the "
> "サービス拒否に留めたり、問題の発生を抑止したりすることができる。"

無力化とかでもいいかも

-- 
victory
no need to CC me :-)
http://userscripts.org/scripts/show/102724

Follow-Ups:
- Re: dpkg man page 査読依頼 (20111030)
  - From: Seiji Kaneko

References:
- Re: dpkg man page 翻訳の今後について
  - From: TAKAHASHI Motonobu
- Re: dpkg man page 翻訳の今後について
  - From: Kenshi Muto
- Re: dpkg man page 翻訳の今後について
  - From: TAKAHASHI Motonobu
- dpkg man page 査読依頼 (20111030)
  - From: TAKAHASHI Motonobu

Prev by Date: dpkg man page 査読依頼 (20111030)
Next by Date: Re: dpkg man page 査読依頼 (20111030)
Previous by thread: dpkg man page 査読依頼 (20111030)
Next by thread: Re: dpkg man page 査読依頼 (20111030)
Index(es):
- Date
- Thread