On Mon, Mar 26, 2012 at 08:44:32PM +0300, Damyan Ivanov wrote:
> The two binaries that the patch fixes are used only during the build
> process and aren't shipped in the resulting binary packages. The first
> part of the patch is about the program that creates ibase.h header
> file, and the other is the custom-built syntax parser that is later
> used during the build.
>
> Both of these never see user input or any external data. Their only
> input is what the build system gives them.
>
> Is there any proof that the missing hardening flags are a real
> problem?

In that case it's not a real (security) problem. Sorry for the wrong severity, I didn't check if they are just used during the build.

But it should be fixed anyway to make automatic checks to detect missing (hardening) flags of build logs possible and to prevent problems in the future.

Regards,
Simon
--
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9