From 7fac9594c41ab180979bdf5927ff7f7e1d13a9e9 Mon Sep 17 00:00:00 2001 From: Nick Clifton Date: Fri, 31 Oct 2014 10:10:37 +0000 Subject: In response to a public outcry the strings program now defaults to using the --all option which displays text from anywhere in the input file(s). The default used to be --data, which only displays text from loadable data sections, but this requires the use of the BFD library. Since the BFD library almost certainly still contains buffer overrun and/or memory corruption bugs, and since the strings program is often used to examine malicious code, it was decided that the --data option option represents a possible security risk. * strings.c: Add new command line option --data to only scan the initialized, loadable data secions of binaries. Choose the default behaviour of --all or --data based upon a configure option. * doc/binutils.texi (strings): Update documentation. Include description of why the --data option might be unsafe. * configure.ac: Add new option --disable-default-strings-all which restores the old behaviour of strings using --data by default. If the option is not used make strings use --all by default. * NEWS: Mention the new behaviour of strings. * configure: Regenerate. * config.in: Regenerate. --- binutils/config.in | 3 +++ 1 file changed, 3 insertions(+) (limited to 'binutils/config.in') diff --git a/binutils/config.in b/binutils/config.in index d43b748..076f514 100644 --- a/binutils/config.in +++ b/binutils/config.in @@ -18,6 +18,9 @@ /* Should ar and ranlib use -D behavior by default? */ #undef DEFAULT_AR_DETERMINISTIC +/* Should strings use -a behavior by default? */ +#undef DEFAULT_STRINGS_ALL + /* Define to 1 if translation of program messages to the user's native language is requested. */ #undef ENABLE_NLS -- cgit v1.1