[pkg-firebird-general] Bug#654793: firebird2.5: Hardeneng flags not fully enabled

Damyan Ivanov dmn at debian.org
Sat Jan 7 08:58:31 UTC 2012

-=| Moritz Muehlenhoff, 05.01.2012 21:46:12 +0100 |=-
> I'm currently checking all packages, which had a DSA in the last
> year to enable hardened build flags. firebird2.5 has already been
> updated to use dpkg-buildflags, but I noticed that not all flags
> are fully in effect. You can use the hardening-check scripts from
> the package hardening includes:
> Out of the three hardening features from the Wheezy default set
> (protected stack, fortified source and relro) not all are fully
> applied, e.g.
> root at pisco:~# hardening-check /usr/sbin/fb_inet_server
> /usr/sbin/fb_inet_server:
>  Stack protected: no, not found!
>  Fortify Source functions: unknown, no protectable libc functions used
>  Read-only relocations: yes

Just to make sure: we are aiming at having "yes" for these three, 

Does the "no protectable libc functions used" part mean that this item 
is OK?

> The reason is likely that some parts of Firebird build system 
> hardcode specific flags, which nullify the hardened build flags?

This is quite possible. I try to patch it already so that it accepts 
things like optimization flags from the environment, but maybe the 
linking rules need more work.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-firebird-general/attachments/20120107/6206a4ea/attachment.pgp>

More information about the pkg-firebird-general mailing list