Re: Hardening code during polyorb packaging

To: Nicolas Boulenguez <nicolas.boulenguez@free.fr>
Cc: debian-ada@lists.debian.org
Subject: Re: Hardening code during polyorb packaging
From: xavier grave <xavier.grave@ipno.in2p3.fr>
Date: Fri, 18 May 2012 18:22:57 +0200
Message-id: <[🔎] 4FB67761.7090503@ipno.in2p3.fr>
Reply-to: xavier.grave@ipno.in2p3.fr
In-reply-to: <[🔎] 20120516184417.GA9422@pegase>
References: <[🔎] 4FB39DF9.30109@ipno.in2p3.fr> <[🔎] 20120516184417.GA9422@pegase>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Le 16/05/2012 20:44, Nicolas Boulenguez a écrit :
> On Wed, May 16, 2012 at 02:30:49PM +0200, Xavier Grave wrote:
> 
>> A first look at the dpkg-buildflags output :
>> CFLAGS=-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat
>> - -Werror=format-security
>> isn't really probing for Ada coding.
> 
>> Does anyone already played/experimented with this kind of options with
>> Ada code ? I suspect part of it doesn't really make sense for Ada...
> 
> (control)
> Build-Depends: dh-ada-library
> 
> (rules)
> include /usr/share/dpkg/buildflags.mk
> # (or default.mk that sets many other useful variables)
> include /usr/share/ada/debian-packaging.mk
> 
> Please take a quick look at both sources, then
> 
> gnatmake $(BUILDER_OPTIONS) -gnatc -$(ADAFLAGS) -gnatl $(LDFLAGS)
> (-gnatg to add gnatmake options)
> 
> You may also use a project file containing
> 
>   package Compiler is
>      for Default_Switches ("Ada") use External_As_List ("ADAFLAGS", " ");
>      for Default_Switches ("C") use External_As_List ("CFLAGS", " ");
>   end Compiler;
>   package Linker is
>      for Default_Switches ("Ada") use External_As_List ("LDFLAGS", " ");
>   end Linker;
> 
> but note that setting these options in the project will make gprbuild
> ignore -gnatc -gnatl on the command line.

Hi,

I'm playing with the flags that dh-ada-library provides. For the
binaries it works great, but I still have some problem with the
generation of shared library with gpr file projects. It doesn't take
into account the Linker part of the project. So I still have
hardening-no-fortify-functions and hardening-no-relro problems whith the
shared library produced for polyorb.

Any advices ?
Thanks in advance, xavier
PS: a first version of polyorb package stuff without the hardening is
available at www.ada-france.org
org.debian.polyorb, rev 74dc9057a1774afff7e146f764fae3136d3f3c05
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPtndfAAoJEG3iFwasTcfaajAP/RjBYGvMDhy0PJUqNq+3WAvk
EJYqHwhJlM1ooePk6i1Zor8uYTaYJdjm+oC+ugD8EldeslFpuZdQNjIXWzngT3+u
R4N3ZI6WJeyJ6Sqjm/oHZeCL4S7mJ8p8xB4bA9vlJK9+9RNZxTkT/xjc2xRSvw+T
/FCBjgOdS02t10PJJTofEJZzGC+Jx40irP5UKCkwm+zsLKLkwHTY18mJsWC/+M8h
t8nQpeF1E5QHgLPomgQGbise5480NsdGAhd3wGAbjowGXtSXsl2AmhPihbx10PJj
8/fV1laNRCSu45MSGwz2QWMkw0SCNnIlbaZWUG0vgdwkauAbE7kQc8N2NL1KGpim
l0gTFGOOuAPTamiVotA741M0PWiunDwGdkftJH9cfiQAynsCKVwsPb4ZyAg7mA4l
YA0tH9CwasZsnmjbymJFv/2a7KGnWDVHRrRoyjwo3ByjMTkueh6MMCIcuhhA+OF7
NrQDZXmwU0PqVyytR5sPG76q7OuMwwGjD33tQfzw0jyxgYy8q6GbSsS7ph/vf3ZX
9CfxH1htWfcTPQDCCb53qpzclkXmY3fgCJu2gnWY7HHgfqdJ2gdGaZMDXTbfhSIY
hDZjvfhVTJnjbTVP7f9fumb5J904aMdmpvRpJkQDbm+EK/fJMpIxQDbFPY/TOJXE
jRpzOusj6aTb/sg+1X70
=2D/o
-----END PGP SIGNATURE-----

Reply to:

References:
- Hardening code during polyorb packaging
  - From: Xavier Grave <xavier.grave@ipno.in2p3.fr>
- Re: Hardening code during polyorb packaging
  - From: Nicolas Boulenguez <nicolas.boulenguez@free.fr>

Prev by Date: Re: Hardening code during polyorb packaging
Next by Date: Re: RFS: polyorb/2.8~20110207-1
Previous by thread: Re: Hardening code during polyorb packaging
Next by thread: Re: RFS: anet/0.1-1 [ITP] -- Ada networking library
Index(es):
- Date
- Thread