On Thu, Jun 30, 2016 at 02:59:39PM +0000, Niels Thykier wrote:
> Jose M Calhariz:
> > Hi,
> >
> > I am investigating why I can turn off the lintian information
> > hardening-no-fortify-functions.  In the beginning of my debian/rules I
> > have:
> >
> > export DEB_BUILD_MAINT_OPTIONS=hardening=+all
> >
> > What am I doing wrong?
> > How can I debug if the hardening is really on the binaries?
> >
> > The complete lintian messages from at package is:
> >
> > lintian -I --pedantic at_3.1.20-1_amd64.changes
> > P: at source: debian-watch-may-check-gpg-signature
> > I: at: hardening-no-fortify-functions usr/bin/at
> > I: at: hardening-no-fortify-functions usr/sbin/atd
> > N: 4 tags overridden (4 warnings)
> >
> >
>
> Hi Jose,
>
> Please verify that the CPPFLAGS are passed to the compiler (a lot of
> build systems fail to pass exactly CPPFLAGS on).  The general
> recommendation is to use "blhc" for this purpose.
>
> If you pass CPPFLAGS on correctly, then there is nothing more you can
> do.  There are some known false-positives (the actual tool checking is
> "hardening-check"), which cannot be fixed.  You may want to override the
> tags if this is the case.
>

hardening-check at atd
at:
 Position Independent Executable: yes
 Stack protected: yes
 Fortify Source functions: no, only unprotected functions found!
 Read-only relocations: yes
 Immediate binding: yes
atd:
 Position Independent Executable: yes
 Stack protected: yes
 Fortify Source functions: no, only unprotected functions found!
 Read-only relocations: yes
 Immediate binding: yes

I think from this and:

gcc -c -I. -g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -DHAVE_CONFIG_H -DVERSION=\"3.1.19\" -DETCDIR=\"/etc\" -DLOADAVG_MX=1.5 -DDAEMON_USERNAME=\"daemon\" -DDAEMON_GROUPNAME=\"daemon\" -DLFILE=\"/var/spool/cron/atjobs/.SEQ\" -Wall at.c

The flags are enabled and most protections are in place, right?  Is
this a false positive?

> Thanks,
> ~Niels
>
>
>

Kind regards
Jose M Calhariz

-- 
--
Putting sugar on wounds is as bad as putting salt
--Yevgeny Yevtushenko
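The CPPFLAGS check suggested in the quoted reply, as an added example that is not part of the original thread and is not blhc itself: it audits one compiler command line from a build log for the CFLAGS hardening options and for an effective _FORTIFY_SOURCE definition. The function names are hypothetical, and the expected flag list is an assumption about what dpkg-buildflags emitted for hardening=+all on amd64 at the time; the first sample line is abbreviated from the message above, the second is constructed.

```python
import shlex

# Assumption: CFLAGS part of hardening=+all (dpkg-buildflags, amd64, 2016-era).
CFLAGS_EXPECTED = ["-fPIE", "-fstack-protector-strong", "-Wformat",
                   "-Werror=format-security"]

def fortify_level(tokens):
    """Effective _FORTIFY_SOURCE level for one compiler invocation.

    The last -D/-U on the line wins, and glibc only fortifies when the
    compiler optimises, so -O0 (or no -O option at all) yields level 0.
    """
    level, optimised = 0, False
    for tok in tokens:
        if tok.startswith("-D_FORTIFY_SOURCE"):
            value = tok.partition("=")[2]
            level = int(value) if value.isdigit() else 1  # bare -D means 1
        elif tok == "-U_FORTIFY_SOURCE":
            level = 0
        elif tok.startswith("-O"):
            optimised = tok != "-O0"  # last optimisation option wins
    return level if optimised else 0

def audit(line):
    """Return (missing CFLAGS hardening options, effective fortify level)."""
    tokens = shlex.split(line)
    missing = [flag for flag in CFLAGS_EXPECTED if flag not in tokens]
    return missing, fortify_level(tokens)

# Abbreviated from the gcc line quoted in the message above.
PAGE_LINE = (r'gcc -c -I. -g -O2 -fPIE -fstack-protector-strong -Wformat '
             r'-Werror=format-security -DHAVE_CONFIG_H '
             r'-DVERSION=\"3.1.19\" -Wall at.c')
# Constructed: the same line as it would look with CPPFLAGS passed through.
FIXED_LINE = PAGE_LINE.replace("-DHAVE_CONFIG_H",
                               "-Wdate-time -D_FORTIFY_SOURCE=2 -DHAVE_CONFIG_H")

if __name__ == "__main__":
    for name, line in (("page", PAGE_LINE), ("constructed", FIXED_LINE)):
        missing, level = audit(line)
        print(f"{name}: missing CFLAGS={missing} fortify level={level}")
```

A level of 0 alongside an empty missing-CFLAGS list means CFLAGS reached the compiler and CPPFLAGS did not.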