Processed: Re: Bug#702349: Info received (Bug#702349: lintian should not complain about hardening for package written in pure Ocaml)

Processing commands for cont...@bugs.debian.org: > block 702349 by 792502 Bug #702349 [lintian] lintian should not complain about hardening for package written in pure Ocaml 702349 was not blocked by any bugs. 702349 was not blocking any bugs. Added blocking bug(s) of 702349: 792502 > Thanks Stop

Re: Bug#702349: lintian should not complain about hardening for package written in pure Ocaml

Le 06/01/2014 16:24, Moritz Muehlenhoff a écrit : >> Le 05/03/2013 16:35, Niels Thykier a écrit : >>> Does ELF binaries produced by "pure" Ocaml have any distinct feature >>> that can be used to tell them apart from any other ELF binary? >> >> ELF binaries produced by the OCaml compiler always incl

Re: Bug#702349: lintian should not complain about hardening for package written in pure Ocaml

On Tue, Mar 05, 2013 at 08:57:01PM +0100, Stéphane Glondu wrote: > Le 05/03/2013 16:35, Niels Thykier a écrit : > > Does ELF binaries produced by "pure" Ocaml have any distinct feature > > that can be used to tell them apart from any other ELF binary? > > ELF binaries produced by the OCaml compile

Re: Bug#702349: lintian should not complain about hardening for package written in pure Ocaml

Le 06/03/2013 10:48, Hendrik Tews a écrit : >OCaml has a built-in notion of "unsafe" feature (see ocamlobjinfo >output) that could serve as a starting point for that. > > Yes, I tried this on > > let f b = > let a = "abcde" in > let c = Obj.magic b in > String.un

Re: Bug#702349: lintian should not complain about hardening for package written in pure Ocaml

Le 06/03/2013 09:37, Hendrik Tews a écrit : > In principle I agree, that programs written in a certain subset > of OCaml do not need these hardening features. However, at the > moment this safe subset is not even identified... OCaml has a built-in notion of "unsafe" feature (see ocamlobjinfo outpu

Re: Bug#702349: lintian should not complain about hardening for package written in pure Ocaml

OCaml has a built-in notion of "unsafe" feature (see ocamlobjinfo output) that could serve as a starting point for that. Yes, I tried this on let f b = let a = "abcde" in let c = Obj.magic b in String.unsafe_blit c 0 a 0 5 For the .cmo, ocamlobjinfo surprising

Re: Bug#702349: lintian should not complain about hardening for package written in pure Ocaml

Prach Pongpanich writes: lintian should not complain about hardening for package written in pure Ocaml [0],[1],[2] The problem is, that even pure OCaml contains enough features that may permit arbitrary memory corruptions by an attacker. For instance, String.unsafe_blit has no bounds check

Re: Bug#702349: lintian should not complain about hardening for package written in pure Ocaml

Le 05/03/2013 16:35, Niels Thykier a écrit : > Does ELF binaries produced by "pure" Ocaml have any distinct feature > that can be used to tell them apart from any other ELF binary? ELF binaries produced by the OCaml compiler always include a bit of C code (the runtime), so they are never actually

Re: Bug#702349: lintian should not complain about hardening for package written in pure Ocaml

On 2013-03-05 16:25, Prach Pongpanich wrote: > Package: lintian > > lintian should not complain about hardening for package written in > pure Ocaml [0],[1],[2] > > > [0] https://lists.debian.org/debian-ocaml-maint/2012/05/msg00091.html > [1] > http://lintian.debian.org/maintainer/debian-ocaml-m