On 30.08.2012 21:33, Juhani Numminen wrote:
> 2012/8/29 Boris Pek <Tehnick-8@yandex.ru>:
>>> The package has a Lintian warning: W: fortuner:
>>> hardening-no-fortify-functions usr/games/fortuner. How should that be
>>> treated?
>>
>> http://wiki.debian.org/Hardening
>>
>> Note: Lintian can generate false positive here. So you should check it manually.
>
> I can't solve this myself, if you have knowledge of this subject
> please take a look.
> Looks like the build flags are already there, even if I'm not using
> anything flags-thing in debian/rules. However, I get the following
> results:
>
> $ hardening-check debian/fortuner/usr/games/fortuner
> debian/fortuner/usr/games/fortuner:
>  Position Independent Executable: no, normal executable!
>  Stack protected: yes
>  Fortify Source functions: no, only unprotected functions found!
>  Read-only relocations: yes
>  Immediate binding: no, not found!

Hi Juhani,

I'm working on a Debian package myself at the moment and I think the
recommended way to implement hardening is to use dpkg-buildflags.

http://wiki.debian.org/HardeningWalkthrough

In case you're using debhelper 9 (compat level 9) you can simply put a
line like this at the top of debian/rules

    export DEB_BUILD_MAINT_OPTIONS = hardening=+all

Then you could also refrain from using

    DPKG_EXPORT_BUILDFLAGS = 1
    include /usr/share/dpkg/buildflags.mk
    CFLAGS += -Wextra

If you discover a Lintian warning again, you can look up more
information, for example at

http://lintian.debian.org/tags/hardening-no-fortify-functions.html

As Boris mentioned before, Lintian can produce false positives, thus you
should investigate carefully again if "hardening=+all" isn't working as
intended.

Cheers

Markus
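Added example (not part of the original message, and not code from the Debian tools): a small shell helper that reads a hardening-check report like the one quoted above and prints, for every check reported as "no", the dpkg-buildflags hardening feature to look at after rebuilding with hardening=+all. The function names are hypothetical, and the mapping from report lines to feature names is an assumption based on the dpkg-buildflags feature list.

```shell
#!/bin/sh
# Added example: turn a hardening-check report into a list of the
# dpkg-buildflags hardening features that still need attention.

# The report quoted in the message above, embedded as sample input.
sample_report() {
cat <<'EOF'
debian/fortuner/usr/games/fortuner:
 Position Independent Executable: no, normal executable!
 Stack protected: yes
 Fortify Source functions: no, only unprotected functions found!
 Read-only relocations: yes
 Immediate binding: no, not found!
EOF
}

# failed_features (hypothetical name): read a hardening-check report on
# stdin and print one feature name per check whose result starts with "no".
# The file name header has no ": " separator, so it is skipped.
failed_features() {
    awk -F': ' '
        BEGIN {
            # Assumed mapping: report line -> dpkg-buildflags feature name.
            map["Position Independent Executable"] = "pie"
            map["Stack protected"]                 = "stackprotector"
            map["Fortify Source functions"]        = "fortify"
            map["Read-only relocations"]           = "relro"
            map["Immediate binding"]               = "bindnow"
        }
        NF >= 2 && $2 ~ /^no/ {
            name = $1
            sub(/^[ \t]+/, "", name)      # strip report indentation
            if (name in map) print map[name]
            else print "unknown:" name    # line this script does not know
        }
    '
}

# Demo on the embedded sample. Against a real build, pipe the tool instead:
#   hardening-check debian/fortuner/usr/games/fortuner | failed_features
sample_report | failed_features
```

An empty result after a rebuild means every check in the report passed; a remaining "fortify" line is the case Boris and Markus describe as needing manual investigation.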