05-17-2012, 03:39 PM
Joachim Wiedorn

Lintian warning hardening-no-stackprotector although compiled with hardening options

Hello Daniel,

[the appended logfile wasn't complete!]

Daniel Leidert wrote on 2012-05-17 17:25:

> So why does lintian give me those warnings and how can it be fixed?

I had the same problem with fox1.6. Please check your build log file
whether "-fstack-protector" is really inside.

I had found that in configure.ac CXXFLAGS will be reset at first.
Now I use this solution in configure.ac:

CXXFLAGS=${CXXFLAGS}
LDFLAGS=${LDFLAGS}

Perhaps you can use a similar solution.

---
Have a nice day.

Joachim (Germany)


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/20120517173943.4a36f1e6@jupiter.home
 
05-17-2012, 03:42 PM
Sven Joachim
 

On 2012-05-17 17:25 +0200, Daniel Leidert wrote:

> The html-xml-utils package contains a bunch of small helper programs.
> I've chosen dh 9 compatibility level recently to enable hardening.
> However, I still get lintian warnings for 3 binaries. However all
> binaries are compiled and linked with the same flags. The only
> difference I see is, that the 3 binaries in question are made of only
> one object file, whereas all other binaries are linked together by two
> or more object files.
>
> So why does lintian give me those warnings

Probably your package does not allocate any character arrays on the
stack. See "lintian-info -t hardening-no-stackprotector" and
hardening-check(1).

> and how can it be fixed?

There needs to be a better way to detect if a program was built with
-fstack-protector, or the warning should be made experimental.
See also #673112.

Cheers,
Sven


--
Archive: http://lists.debian.org/87likq24rg.fsf@turtle.gmx.de
 
05-17-2012, 08:12 PM
Russ Allbery
 

Daniel Leidert <daniel.leidert.spam@gmx.net> writes:

> The html-xml-utils package contains a bunch of small helper programs.
> I've chosen dh 9 compatibility level recently to enable hardening.
> However, I still get lintian warnings for 3 binaries. However all
> binaries are compiled and linked with the same flags. The only
> difference I see is, that the 3 binaries in question are made of only
> one object file, whereas all other binaries are linked together by two
> or more object files.

> So why does lintian give me those warnings and how can it be fixed?

I think we may have to disable that check. There are just too many false
positives. Stack protection only happens if you allocate "large"
character arrays off the stack, and a lot of software just doesn't do
that. (One could argue that doing so is frequently bad coding style
compared to using dynamically allocated memory from the start. While not
all software that does this has arbitrary limits on things like input line
sizes, a lot of it does.)

--
Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>


--
Archive: http://lists.debian.org/878vgqva5y.fsf@windlord.stanford.edu
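
An added illustration of the false positive discussed in this thread (not part of any message above, and not Lintian's or hardening-check's own code): a symbol-based check can only look for a reference to `__stack_chk_fail`, so a binary built with `-fstack-protector` whose functions never needed a canary looks identical to one built without the flag. The function names and the two `readelf -sW` listings are constructed for this example.

```python
import subprocess

CANARY_HANDLER = "__stack_chk_fail"  # referenced once GCC instruments any function

def symbol_names(readelf_output):
    """Yield symbol names from `readelf -sW` text, without @VERSION suffixes."""
    for line in readelf_output.splitlines():
        fields = line.split()
        # Data rows: Num: Value Size Type Bind Vis Ndx Name [(version index)]
        if len(fields) >= 8 and fields[0].endswith(":") and fields[0][:-1].isdigit():
            yield fields[7].split("@")[0]

def has_canary_reference(readelf_output):
    """True if the symbol table mentions the canary failure handler."""
    return CANARY_HANDLER in set(symbol_names(readelf_output))

def verdict(readelf_output):
    """Classify a binary the way a symbol-only check has to."""
    if has_canary_reference(readelf_output):
        return "stack protector in use"
    # Cannot tell "flag missing" apart from "no function had a stack array".
    return "no evidence: flag missing OR nothing needed a canary"

def check_file(path):
    """Same check on a real ELF file; needs readelf from binutils."""
    out = subprocess.run(["readelf", "-sW", path], check=True,
                         capture_output=True, text=True).stdout
    return verdict(out)

# Constructed listing: a tool that reads lines into a char buffer on the stack.
WITH_STACK_BUFFER = """\
Symbol table '.dynsym' contains 4 entries:
   Num:    Value          Size Type    Bind   Vis      Ndx Name
     0: 0000000000000000     0 NOTYPE  LOCAL  DEFAULT  UND
     1: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND fgets@GLIBC_2.2.5 (2)
     2: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __stack_chk_fail@GLIBC_2.4 (3)
     3: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND puts@GLIBC_2.2.5 (2)
"""

# Constructed listing: same build flags, but no function has a stack char array.
NO_STACK_BUFFER = """\
Symbol table '.dynsym' contains 3 entries:
   Num:    Value          Size Type    Bind   Vis      Ndx Name
     0: 0000000000000000     0 NOTYPE  LOCAL  DEFAULT  UND
     1: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND puts@GLIBC_2.2.5 (2)
     2: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND exit@GLIBC_2.2.5 (2)
"""
```

To settle which case applies for a flagged binary, the build log remains the authority: it shows whether `-fstack-protector` actually reached the compiler.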
 
