Package: syslog-ng
Version: 3.3.1.dfsg-1
Severity: important
The syslog-ng/3.3.1.dfsg-1 changelog states:
* Build with Hardening enabled.
However, none of the default hardening flags for Wheezy are
activated, e.g.:
root@pisco:~# hardening-check /usr/sbin/syslog-ng /usr/bin/pdbtool
/usr/lib/syslog-ng/3.3.1/libsyslogformat.so
/usr/sbin/syslog-ng:
Position Independent Executable: no, normal executable!
Stack protected: no, not found!
Fortify Source functions: no, no protected functions found!
Read-only relocations: no, not found!
Immediate binding: no not found!
/usr/bin/pdbtool:
Position Independent Executable: no, normal executable!
Stack protected: no, not found!
Fortify Source functions: no, no protected functions found!
Read-only relocations: no, not found!
Immediate binding: no not found!
/usr/lib/syslog-ng/3.3.1/libsyslogformat.so:
Position Independent Executable: no, regular shared library (ignored)
Stack protected: no, not found!
Fortify Source functions: no, no protected functions found!
Read-only relocations: no, not found!
Immediate binding: no not found!
("Stack protected", "Fortify source" and "Read-only relocs"
should be activated)
You can test this with hardening-check from the hardening-includes
package.
Cheers,
Moritz
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
