[hardening-discuss] Bug#801597: PIE and stack protection appear missing since update to GCC-5
Christopher Knadle
Chris.Knadle at coredump.us
Mon Oct 12 11:29:37 UTC 2015
Source: hardening-wrapper
Version: 2.7
Severity: important

It appears that the behavior of hardening-wrapper has changed recently, and
now PIE and stack protection are missing. mumble got a binNMU for the GCC-5
upgrade relating to library transitions for protobuf and zeroc-ice after which
these protections were missing where they had them before the binNMU.

Looking at the snapshot:
http://snapshot.debian.org/archive/debian/20141110T040546Z/pool/main/m/mumble/mumble_1.2.8-2_amd64.deb

mumble_1.2.8-2_amd64 hardening check:
 Position Independent Executable: yes
 Stack protected: yes
 Fortify Source functions: yes (some protected functions found)
 Read-only relocations: yes
 Immediate binding: yes

Looking at Sid:
http://ftp.us.debian.org/debian/pool/main/m/mumble/mumble_1.2.8-2+b1_amd64.deb

mumble_1.2.8-2+b1_amd64 hardening check:
 Position Independent Executable: no, normal executable!
 Stack protected: no, not found!
 Fortify Source functions: yes (some protected functions found)
 Read-only relocations: yes
 Immediate binding: yes

Reporting this as these are unexpected differences.

Also: is hardening-wrapper being deprecated? I ask because lintian is
reporting it as such. (See #711193)

Thanks.
-- Chris

Chris Knadle
Chris.Knadle at coredump.us

-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'stable'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.2.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
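
The two lines that differ between the builds above come down to two ELF properties: the file type in the ELF header (a PIE is ET_DYN, a normal executable is ET_EXEC) and whether the binary references __stack_chk_fail. The sketch below is an added example, not part of the original report and not hardening-check's own code; make_elf, check_hardening and the two sample images are constructed for illustration.

```python
import struct

ET_EXEC, ET_DYN = 2, 3          # e_type values from the ELF specification
PT_INTERP, PT_PHDR = 3, 6       # program header types

def make_elf(e_type, ptypes, strtab=b""):
    """Constructed test input: ELF64 header, program headers, fake string table."""
    ident = b"\x7fELF\x02\x01\x01" + bytes(9)   # 64-bit, little-endian
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", ident, e_type, 62, 1, 0, 64, 0, 0,
                       64, 56, len(ptypes), 64, 0, 0)
    phdrs = b"".join(struct.pack("<IIQQQQQQ", t, 4, 0, 0, 0, 0, 0, 8)
                     for t in ptypes)
    return ehdr + phdrs + strtab

def check_hardening(image):
    """Return PIE and stack-protector verdicts for a little-endian ELF64 image."""
    if image[:4] != b"\x7fELF" or image[4:6] != b"\x02\x01":
        raise ValueError("not a little-endian ELF64 image")
    (e_type,) = struct.unpack_from("<H", image, 16)
    (e_phoff,) = struct.unpack_from("<Q", image, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", image, 54)
    ptypes = {struct.unpack_from("<I", image, e_phoff + i * e_phentsize)[0]
              for i in range(e_phnum)}
    if e_type != ET_DYN:
        pie = "no, normal executable!"
    elif PT_PHDR in ptypes or PT_INTERP in ptypes:
        pie = "yes"                      # ET_DYN that is meant to be executed
    else:
        pie = "no, regular shared library (ignored)"
    # Simplification (assumption of this sketch): scan the whole image for the
    # symbol name instead of walking .dynsym/.symtab.
    stack = "yes" if b"__stack_chk_fail" in image else "no, not found!"
    return {"pie": pie, "stack": stack}

# Constructed samples standing in for the two builds compared above.
OLD_BUILD = make_elf(ET_DYN, [PT_PHDR, PT_INTERP], b"\0__stack_chk_fail\0")
NEW_BUILD = make_elf(ET_EXEC, [PT_PHDR, PT_INTERP], b"\0memcpy\0")

if __name__ == "__main__":
    for name, img in (("old", OLD_BUILD), ("new", NEW_BUILD)):
        print(name, check_hardening(img))
```

To use it on a real package, pass the bytes of the unpacked binary to check_hardening. A missing __stack_chk_fail reference means that no function in that binary was instrumented.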