On Tue, May 29, 2012 at 07:24:46PM +1200, Francois Marier wrote: > Thanks for catching that. I've fixed it in git: > > http://anonscm.debian.org/gitweb/?p=collab-maint/letterize.git > > and now it includes the right options on the build line: > > gcc -o letterize -g -O2 -fstack-protector --param=ssp-buffer-size=4 > -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-z,relro letterize.c
Thank you for fixing it so quickly. > However, the check tool is still reporting a problem: > > /usr/bin/letterize: > Position Independent Executable: no, normal executable! > Stack protected: no, not found! > Fortify Source functions: unknown, no protectable libc functions used > Read-only relocations: yes > Immediate binding: no, not found! > > This is a one-file program, so I'm not quite sure what else I can tweak... That's fine, hardening-check has a few false positives. Check [1] for details. Regards, Simon [1]: https://wiki.debian.org/HardeningWalkthrough#Testing_your_packages_after_conversion -- + privacy is necessary + using gnupg http://gnupg.org + public key id: 0x92FEFDB7E44C32F9
pgpHevFthMHDQ.pgp
Description: PGP signature
