On Sun, Feb 19, 2012 at 04:39:38PM +0100, Simon Ruderich wrote:
> 
> Dear Maintainer,
> 
> It looks like the hardening flags weren't applied in 1.42.1-1.
> For example:
> 
>     $ hardening-check /sbin/fsck.ext4
>     /sbin/fsck.ext4:
>      Position Independent Executable: no, normal executable!
>      Stack protected: no, not found!
>      Fortify Source functions: no, only unprotected functions found!
>      Read-only relocations: no, not found!
>      Immediate binding: no not found!
> 
> I'm not sure why the if construct doesn't work correctly, but the
> original patch from Moritz should also work if dpkg-buildflags
> doesn't exist (the flags are empty in that case).

I don't understand, but it looks like the hardening flags are being
passed, but either (a) they aren't correct, or (b) they seemingly have
no effect.  Can you help me?  What have I missed?

Thanks,

                                                - Ted

<ty...@tytso-glaptop.cam.corp.google.com> {/kbuild/debian/e2fsprogs-1.42.1}  
528% /bin/rm debian/BUILD-STD/e2fsck/pass1.o
<ty...@tytso-glaptop.cam.corp.google.com> {/kbuild/debian/e2fsprogs-1.42.1}  
529% make -C debian/BUILD-STD/e2fsck V=1
make: Entering directory 
`/kbuild/debian/e2fsprogs-1.42.1/debian/BUILD-STD/e2fsck'
gcc -c -I. -I../lib -I/kbuild/debian/e2fsprogs-1.42.1/lib -D_FORTIFY_SOURCE=2 
-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security 
-Werror=format-security -D__NO_STRING_INLINES 
/kbuild/debian/e2fsprogs-1.42.1/e2fsck/pass1.c -o pass1.o
gcc -Wl,-z,relro -Wl,-rpath-link,../lib -rdynamic -o e2fsck crc32.o dict.o 
unix.o e2fsck.o super.o pass1.o pass1b.o pass2.o pass3.o pass4.o pass5.o 
journal.o badblocks.o util.o dirinfo.o dx_dirinfo.o ehandler.o problem.o 
message.o quota.o recovery.o region.o revoke.o ea_refcount.o rehash.o profile.o 
prof_err.o sigcatcher.o  ../lib/libquota.a ../lib/libext2fs.so 
../lib/libcom_err.so  -lblkid    -luuid     ../lib/libe2p.so 
make: Leaving directory 
`/kbuild/debian/e2fsprogs-1.42.1/debian/BUILD-STD/e2fsck'
<ty...@tytso-glaptop.cam.corp.google.com> {/kbuild/debian/e2fsprogs-1.42.1}  
530% hardening-check debian/BUILD-STD/e2fsck/e2fsck
debian/BUILD-STD/e2fsck/e2fsck:
 Position Independent Executable: no, normal executable!
 Stack protected: yes
 Fortify Source functions: yes (some protected functions found)
 Read-only relocations: yes
 Immediate binding: no not found!
<ty...@tytso-glaptop.cam.corp.google.com> {/kbuild/debian/e2fsprogs-1.42.1}  
531% dpkg-buildflags 
CFLAGS=-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat 
-Wformat-security -Werror=format-security
CPPFLAGS=-D_FORTIFY_SOURCE=2
CXXFLAGS=-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat 
-Wformat-security -Werror=format-security
FFLAGS=-g -O2
LDFLAGS=-Wl,-z,relro
<ty...@tytso-glaptop.cam.corp.google.com> {/kbuild/debian/e2fsprogs-1.42.1}  
532% gcc --version
gcc (Debian 4.6.2-14) 4.6.2
Copyright (C) 2011 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
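
Added example, not part of the original message or of e2fsprogs: a POSIX shell check that maps each hardening-check line to the compiler or linker flag that requests it, run over the flag values printed by dpkg-buildflags in the session above. The function names and the feature labels (pie, stack, fortify, relro, bindnow) are hypothetical, and the sample string is constructed from that output.

```shell
#!/bin/sh
# Constructed sample: the CFLAGS, CPPFLAGS and LDFLAGS values from the
# dpkg-buildflags output in the message above, joined into one string.
SAMPLE_FLAGS='-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-z,relro'

# has_flag FLAGS PATTERN: succeed if any whitespace-separated word in
# FLAGS matches the shell PATTERN.
has_flag() {
    for word in $1; do
        case "$word" in
            $2) return 0 ;;
        esac
    done
    return 1
}

# feature_enabled FEATURE FLAGS: succeed if FLAGS request the hardening
# feature behind one hardening-check line (labels are hypothetical).
feature_enabled() {
    case "$1" in
        pie)     has_flag "$2" '-fPIE' && has_flag "$2" '-pie' ;;
        stack)   has_flag "$2" '-fstack-protector*' ;;
        # _FORTIFY_SOURCE only takes effect when optimization is enabled.
        fortify) has_flag "$2" '-D_FORTIFY_SOURCE=[1-9]' && has_flag "$2" '-O[1-9s]' ;;
        relro)   has_flag "$2" '-Wl,-z,relro' ;;
        bindnow) has_flag "$2" '-Wl,-z,now' ;;
        *)       return 2 ;;
    esac
}

# report FLAGS: print one line per feature, in hardening-check order.
report() {
    for feature in pie stack fortify relro bindnow; do
        if feature_enabled "$feature" "$1"; then
            echo "$feature: requested"
        else
            echo "$feature: not requested"
        fi
    done
}

report "$SAMPLE_FLAGS"
```

On the sample it reports pie and bindnow as not requested, matching the two "no" lines from hardening-check on the rebuilt e2fsck. dpkg-buildflags emits `-fPIE`/`-pie` and `-Wl,-z,now` only when the pie and bindnow hardening features are enabled, for example with `DEB_BUILD_MAINT_OPTIONS=hardening=+all`.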



