On Sun, Feb 19, 2012 at 04:39:38PM +0100, Simon Ruderich wrote: > > Dear Maintainer, > > It looks like the hardening flags weren't applied in 1.42.1-1. > For example: > > $ hardening-check /sbin/fsck.ext4 > /sbin/fsck.ext4: > Position Independent Executable: no, normal executable! > Stack protected: no, not found! > Fortify Source functions: no, only unprotected functions found! > Read-only relocations: no, not found! > Immediate binding: no not found! > > I'm not sure why the if construct doesn't work correctly, but the > original patch from Moritz should also work if dpkg-buildflags > doesn't exist (the flags are empty in that case).
I don't understand, but it looks like the hardening flags are being passed, but either (a) they are't correct, or (b) they seemingly have no effect. Can you help me? What have I missed? Thanks, - Ted <ty...@tytso-glaptop.cam.corp.google.com> {/kbuild/debian/e2fsprogs-1.42.1} 528% /bin/rm debian/BUILD-STD/e2fsck/pass1.o <ty...@tytso-glaptop.cam.corp.google.com> {/kbuild/debian/e2fsprogs-1.42.1} 529% make -C debian/BUILD-STD/e2fsck V=1 make: Entering directory `/kbuild/debian/e2fsprogs-1.42.1/debian/BUILD-STD/e2fsck' gcc -c -I. -I../lib -I/kbuild/debian/e2fsprogs-1.42.1/lib -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -D__NO_STRING_INLINES /kbuild/debian/e2fsprogs-1.42.1/e2fsck/pass1.c -o pass1.o gcc -Wl,-z,relro -Wl,-rpath-link,../lib -rdynamic -o e2fsck crc32.o dict.o unix.o e2fsck.o super.o pass1.o pass1b.o pass2.o pass3.o pass4.o pass5.o journal.o badblocks.o util.o dirinfo.o dx_dirinfo.o ehandler.o problem.o message.o quota.o recovery.o region.o revoke.o ea_refcount.o rehash.o profile.o prof_err.o sigcatcher.o ../lib/libquota.a ../lib/libext2fs.so ../lib/libcom_err.so -lblkid -luuid ../lib/libe2p.so make: Leaving directory `/kbuild/debian/e2fsprogs-1.42.1/debian/BUILD-STD/e2fsck' <ty...@tytso-glaptop.cam.corp.google.com> {/kbuild/debian/e2fsprogs-1.42.1} 530% hardening-check debian/BUILD-STD/e2fsck/e2fsck debian/BUILD-STD/e2fsck/e2fsck: Position Independent Executable: no, normal executable! Stack protected: yes Fortify Source functions: yes (some protected functions found) Read-only relocations: yes Immediate binding: no not found! <ty...@tytso-glaptop.cam.corp.google.com> {/kbuild/debian/e2fsprogs-1.42.1} 531% dpkg-buildflags CFLAGS=-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security CPPFLAGS=-D_FORTIFY_SOURCE=2 CXXFLAGS=-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security FFLAGS=-g -O2 LDFLAGS=-Wl,-z,relro <ty...@tytso-glaptop.cam.corp.google.com> {/kbuild/debian/e2fsprogs-1.42.1} 532% gcc --version gcc (Debian 4.6.2-14) 4.6.2 Copyright (C) 2011 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org