Source: firebird2.5 Severity: important Hi, I'm currently checking all packages, which had a DSA in the last year to enable hardened build flags. firebird2.5 has already been updated to use dpkg-buildflags, but I noticed that not all flags are fully in effect. You can use the hardening-check scripts from the package hardening includes:
Out of the three hardening features from the Wheezy default set (protected stack, fortified source and relro) not all are fully applied, e.g. root@pisco:~# hardening-check /usr/sbin/fb_inet_server /usr/sbin/fb_inet_server: Stack protected: no, not found! Fortify Source functions: unknown, no protectable libc functions used Read-only relocations: yes root@pisco:~# hardening-check /usr/bin/fbsvcmgr /usr/bin/fbsvcmgr: Stack protected: yes Fortify Source functions: no, no protected functions found! Read-only relocations: yes root@pisco:~# hardening-check /usr/lib/x86_64-linux-gnu/libfbclient.so.2.5.2 /usr/lib/x86_64-linux-gnu/libfbclient.so.2.5.2: Stack protected: yes Fortify Source functions: no, no protected functions found! Read-only relocations: yes The reason is likely that some parts of Firebird build system hardcode specific flags, which nullify the hardened build flags? Cheers, Moritz -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org