Package: hardening-includes Version: 1.26 Severity: normal hardening-check thinks that my program does not have stack protection and fortify source, but I am pretty sure it does:
$ hardening-check /usr/bin/tmux /usr/bin/tmux: Position Independent Executable: yes Stack protected: no, not found! Fortify Source functions: no, not found! Read-only relocations: yes Immediate binding: yes zsh: exit 1 hardening-check /usr/bin/tmux $ There seems to be a bug in the sed invocation used to filter readelf's output for RELOC_REPORT. The call used in hardening-wrapper 1.26 is: sed -e 's/ \([0-9]+\)$//g; s/.* //g; s/@.*//g;' The first expression (to remove the parenthesized number at eol) is buggy: sed is called with basic expression syntax, so the parentheses need not be escaped, and the + sign should be. It looks that you wanted to use extended regexp syntax, so adding -r to the sed call is necessary for the expression to match. Thanks, -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (900, 'unstable'), (850, 'testing'), (800, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-4-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- no debconf information -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
