[pkg-firebird-general] Bug#654793: firebird2.5: Hardening flags not fully enabled

Damyan Ivanov dmn at debian.org
Sat Jan 7 08:58:31 UTC 2012


-=| Moritz Muehlenhoff, 05.01.2012 21:46:12 +0100 |=-
> I'm currently checking all packages, which had a DSA in the last
> year to enable hardened build flags. firebird2.5 has already been
> updated to use dpkg-buildflags, but I noticed that not all flags
> are fully in effect. You can use the hardening-check scripts from
> the package hardening-includes:
> 
> Out of the three hardening features from the Wheezy default set
> (protected stack, fortified source and relro) not all are fully
> applied, e.g.
> 
> root@pisco:~# hardening-check /usr/sbin/fb_inet_server
> /usr/sbin/fb_inet_server:
>  Stack protected: no, not found!
>  Fortify Source functions: unknown, no protectable libc functions used
>  Read-only relocations: yes

Just to make sure: we are aiming at having "yes" for these three, 
right?

Does the "no protectable libc functions used" part mean that this item 
is OK?

> The reason is likely that some parts of Firebird build system 
> hardcode specific flags, which nullify the hardened build flags?

This is quite possible. I try to patch it already so that it accepts 
things like optimization flags from the environment, but maybe the 
linking rules need more work.
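
An added illustration, not part of the original message and not hardening-check's own code: a simplified sketch of how the three verdicts quoted above can be derived from `readelf` text, including the case where no fortifiable function is imported at all. The `PROTECTABLE` subset, the `classify` and `fake_syms` helpers and all sample symbol tables are assumptions constructed for the example.

```python
import re

# Assumption: a small subset of libc functions that have a fortified __*_chk twin.
PROTECTABLE = {"memcpy", "memset", "strcpy", "strcat", "sprintf", "snprintf", "read"}

def dynamic_symbols(readelf_syms):
    """Pull symbol names out of `readelf -sW` text, dropping @VERSION suffixes."""
    names = set()
    for line in readelf_syms.splitlines():
        fields = line.split()  # Num: Value Size Type Bind Vis Ndx Name
        if len(fields) >= 8 and fields[0].rstrip(":").isdigit():
            names.add(fields[7].split("@")[0])
    return names

def classify(readelf_syms, readelf_segments):
    """Return the three verdicts for one binary from its readelf text."""
    syms = dynamic_symbols(readelf_syms)
    fortified = {s for s in syms if re.fullmatch(r"__\w+_chk", s)}
    unprotected = syms & PROTECTABLE
    if fortified:
        fortify = "yes"
    elif unprotected:
        fortify = "no"
    else:
        # Nothing fortifiable is imported, so the flag cannot be observed either way.
        fortify = "unknown, no protectable libc functions used"
    return {
        "Stack protected": "yes" if "__stack_chk_fail" in syms else "no, not found!",
        "Fortify Source functions": fortify,
        "Read-only relocations": "yes" if "GNU_RELRO" in readelf_segments else "no",
    }

def fake_syms(*names):
    """Constructed stand-in for `readelf -sW --dyn-syms` output."""
    rows = ["%6d: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND %s@GLIBC_2.2.5 (2)"
            % (i + 1, n) for i, n in enumerate(names)]
    return "\n".join(["   Num:    Value          Size Type    Bind   Vis      Ndx Name"] + rows)

# Constructed samples, not taken from any real binary.
SEGMENTS = "  LOAD ...\n  GNU_STACK ...\n  GNU_RELRO ...\n"
SAMPLES = {
    "like the quoted report": (fake_syms("malloc", "free", "pthread_create"), SEGMENTS),
    "hardened": (fake_syms("__stack_chk_fail", "__memcpy_chk", "malloc"), SEGMENTS),
    "unhardened": (fake_syms("strcpy", "sprintf"), "  LOAD ...\n  GNU_STACK ...\n"),
}

if __name__ == "__main__":
    for label, (syms, segs) in SAMPLES.items():
        print(label, classify(syms, segs))
```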