
Bug#650536: update!



On 2012-03-11 13:37, Kees Cook wrote:
> On Sun, Mar 11, 2012 at 12:16:09AM +0100, Niels Thykier wrote:
>> I have bumped the debhelper standard test suite to use compat 9 by
>> default.  I doubt it will fix all the failures we saw, but at least the
>> standard flags are enabled by default.
> 
> When I was playing with it, this solved a lot but not all of them. Doesn't
> this pose an unbackportable change though? I didn't think compat 9
> existed in Squeeze.
> 

It does not, but debhelper 9 has been backported already, so we can rely
on it.

In fact, we already needed debhelper 9 due to t/tests/debhelper-dh-exec,
but I apparently forgot to bump the depends back then...

> [...]
>>> - build internal hardening test for all archs (hook to generate tags file)
>>> - fix other lintian internal tests to work with hardening check
>>
>> This part still needs some work though.
>>
>> I suspect it might be a good idea to try the test suite on some
>> different architectures at some point.  These
> 
> Cool, I'll spend some time on the branch getting any stragglers building
> correctly.
> 

Much appreciated.

>> Last I checked we still have an "outstanding issue" hardening-check
>> using ldd, which I am not certain will work with "foreign" binaries (see
>> comment #39).  I suspect it will mostly affect people who do
>> cross-builds and lintian.d.o[2].
> 
> Yeah, I was just starting to notice this. Inspired by the data file idea, I
> think I might do the same for hardening-check and have it build the list of
> functions at build-time. I can check if a binary is using libc without
> running ldd, and I only needed ldd to generate the function list dynamically.
> If it's static, things are faster and more portable. It'll just need updating
> from time to time when anything major happens with eglibc.
> 
> -Kees
> 

Sounds good.  :)

~Niels
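
The ldd-free check discussed above can be sketched by reading the DT_NEEDED entries straight from the ELF file, which also works for foreign-architecture binaries. This is an added example, not code from hardening-check or lintian; the function names, the "libc.so" prefix test and the constructed sample image are assumptions made for illustration.

```python
import struct

SHT_DYNAMIC, DT_NULL, DT_NEEDED = 6, 0, 1

def needed_libraries(data):
    """List DT_NEEDED names by parsing the ELF image; nothing is executed."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = data[4] == 2                      # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    end = "<" if data[5] == 1 else ">"       # EI_DATA: foreign byte order is fine
    # Header offsets of e_shoff and e_shentsize/e_shnum differ per class
    hoff, soff, word = (0x28, 0x3A, "Q") if is64 else (0x20, 0x2E, "I")
    (shoff,) = struct.unpack_from(end + word, data, hoff)
    shentsize, shnum = struct.unpack_from(end + "HH", data, soff)

    def section(i):                          # -> (type, offset, size, link)
        fmt = end + ("IIQQQQII" if is64 else "IIIIIIII")
        f = struct.unpack_from(fmt, data, shoff + i * shentsize)
        return f[1], f[4], f[5], f[6]

    for i in range(shnum):
        typ, off, size, link = section(i)
        if typ != SHT_DYNAMIC:
            continue
        _, stroff, strsize, _ = section(link)   # sh_link names the string table
        strtab = data[stroff:stroff + strsize]
        dfmt = end + ("qQ" if is64 else "iI")
        size -= size % struct.calcsize(dfmt)    # ignore a truncated last entry
        names = []
        for tag, val in struct.iter_unpack(dfmt, data[off:off + size]):
            if tag == DT_NULL:
                break
            if tag == DT_NEEDED:
                names.append(strtab[val:strtab.index(b"\0", val)].decode())
        return names
    return []                                # no .dynamic section: static binary

def uses_libc(data):
    # Assumption: the C library's soname starts with "libc.so" (e.g. libc.so.6)
    return any(n.startswith("libc.so") for n in needed_libraries(data))

def build_sample(libs):
    """Constructed minimal ELF64 LE image: header, .dynstr, .dynamic, 3 section headers."""
    strtab = b"\0" + b"".join(n.encode() + b"\0" for n in libs)
    offs = [strtab.index(n.encode() + b"\0") for n in libs]
    dyn = b"".join(struct.pack("<qQ", DT_NEEDED, o) for o in offs) + bytes(16)
    so, do = 64, 64 + len(strtab)            # file offsets of .dynstr and .dynamic
    hdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 3, 62, 1, 0, 0, do + len(dyn), 0, 64, 0, 0, 64, 3, 0)
    sh = lambda t, o, n, k: struct.pack("<IIQQQQIIQQ", 0, t, 0, 0, o, n, k, 0, 0, 0)
    return hdr + strtab + dyn + sh(0, 0, 0, 0) + sh(3, so, len(strtab), 0) + sh(6, do, len(dyn), 1)
```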



