nixpkgs docs: format hardening

1 files changed, 27 insertions, 0 deletions

diff --git a/doc/stdenv.xml b/doc/stdenv.xml
index f8d9acb2fb0..0c2bb033957 100644
--- a/doc/stdenv.xml
+++ b/doc/stdenv.xml
@@ -1317,6 +1317,33 @@ in the default system locations.</para>
 
 </section>
 
+<section xml:id="sec-hardening-in-nixpkgs"><title>Hardening in Nixpkgs</title>
+
+<para>By default some flags to harden packages at compile or link-time are set:</para>
+
+<variablelist>
+
+  <varlistentry>
+    <term><varname>hardening_format</varname></term>
+    <listitem><para>Adds the <option>-Wformat -Wformat-security
+    -Werror=format-security</option> compiler options. At present,
+    this warns about calls to printf and scanf functions where the
+    format string is not a string literal and there are no format
+    arguments, as in <literal>printf(foo);</literal>. This may be
+    a security hole if the format string came from untrusted input
+    and contains <literal>%n</literal>.</para>
+
+    <para>This needs to be turned off or fixed for errors similar to:</para>
+
+    <programlisting>
+/tmp/nix-build-zynaddsubfx-2.5.2.drv-0/zynaddsubfx-2.5.2/src/UI/guimain.cpp:571:28: error: format not a string literal and no format arguments [-Werror=format-security]
+         printf(help_message);
+                            ^
+cc1plus: some warnings being treated as errors
+    </programlisting></listitem>
+  </varlistentry>
+</variablelist>
+</section>
 
 </chapter>