Bug#759363: lintian: Please add tags for hardening no-pie and no-bindnow checks

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#759363: lintian: Please add tags for hardening no-pie and no-bindnow checks
From: intrigeri@debian.org
Date: Tue, 26 Aug 2014 11:09:52 -0700
Message-id: <[🔎] 85zjerf7gv.fsf@boum.org>
Reply-to: intrigeri@debian.org, 759363@bugs.debian.org

Package: lintian
Version: 2.5.25
Severity: wishlist

Hi,

Lintian has hardening-no-{stackprotector,fortify-functions,relro}
tags, which is great, since they are the default set of hardening
flags set by dpkg-buildflags these days.

It would be great if PIE and bindnow could be checked to: it would
allow maintainers interested in hardening their stuff further to
easily track what the status is, and especially, to detect regressions
in this area. With my Tails and pkg-perl member hats on, I would be
happy to have this.

Given PIE and bindnow are not set by default yet, I guess the
corresponding tags (presumably, hardening-no-{pie,bindnow}) should
have Severity = minor or wishlist.

It seems that the hardening checking code supports PIE and bindnow
already, so all that's needed would be to add a tag, right?

Thanks a *lot* for Lintian!

Cheers,
--
intrigeri

Reply to:

Prev by Date: Re: Bug#759329: libnet-dns-perl: lintian fails with "Too late to run INIT block"
Next by Date: Processed: Re: Bug#759329: libnet-dns-perl: lintian fails with "Too late to run INIT block"
Previous by thread: Processed: Re: Bug#759329: libnet-dns-perl: lintian fails with "Too late to run INIT block"
Next by thread: Bug#757579: [lintian] forcemerg
Index(es):
- Date
- Thread