
Bug#759363: lintian: Please add tags for hardening no-pie and no-bindnow checks



On Tue, 26 Aug 2014 11:09:52 -0700 intrigeri@debian.org wrote:
> Package: lintian
> Version: 2.5.25
> Severity: wishlist
> 
> Hi,
> 
> Lintian has hardening-no-{stackprotector,fortify-functions,relro}
> tags, which is great, since they are the default set of hardening
> flags set by dpkg-buildflags these days.
> 
> It would be great if PIE and bindnow could be checked too: it would
> allow maintainers interested in hardening their stuff further to
> easily track what the status is, and especially, to detect regressions
> in this area. With my Tails and pkg-perl member hats on, I would be
> happy to have this.
> 
> Given PIE and bindnow are not set by default yet, I guess the
> corresponding tags (presumably, hardening-no-{pie,bindnow}) should
> have Severity = minor or wishlist.
> 
> It seems that the hardening checking code supports PIE and bindnow
> already, so all that's needed would be to add a tag, right?
> 
> Thanks a *lot* for Lintian!
> 
> Cheers,
> --
> intrigeri
> 
> 

The "bindnow" part is now in master (anticipated 2.5.40).  The "pie"
part needs a bit of work because enabling "pie" makes some tests FTBFS
(notably gcc gets upset about building a "-static $PIE" binary).

Thanks,
~Niels
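
What a PIE and bindnow check has to read from an ELF file, as an added example that is not part of this thread and is not Lintian's code. The function names, the finding names (taken from the tag names proposed in the report) and the constructed sample images are assumptions; only little-endian ELF64 is handled.

```python
import struct

ET_EXEC, PT_DYNAMIC = 2, 2
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1

def dynamic_tags(elf):
    """Return (e_type, {d_tag: d_val}); tags is None without PT_DYNAMIC."""
    if elf[:4] != b"\x7fELF" or elf[4:6] != b"\x02\x01":
        raise ValueError("not a little-endian ELF64 file")
    (e_type,) = struct.unpack_from("<H", elf, 16)
    (e_phoff,) = struct.unpack_from("<Q", elf, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 54)
    tags = None
    for i in range(e_phnum):
        base = e_phoff + i * e_phentsize
        p_type, _p_flags, p_offset = struct.unpack_from("<IIQ", elf, base)
        (p_filesz,) = struct.unpack_from("<Q", elf, base + 32)
        if p_type != PT_DYNAMIC:
            continue
        tags = {}
        for off in range(p_offset, p_offset + p_filesz - 15, 16):
            tag, val = struct.unpack_from("<qQ", elf, off)
            if tag == DT_NULL:
                break
            tags[tag] = val
    return e_type, tags

def hardening_findings(elf):
    """Report missing PIE / bindnow, named like the tags proposed above."""
    e_type, tags = dynamic_tags(elf)
    findings = []
    if e_type == ET_EXEC:  # fixed-address executable, so not built as PIE
        findings.append("hardening-no-pie")
    if tags is not None:  # static binaries have no dynamic section to bind
        now = (DT_BIND_NOW in tags or tags.get(DT_FLAGS, 0) & DF_BIND_NOW
               or tags.get(DT_FLAGS_1, 0) & DF_1_NOW)
        if not now:
            findings.append("hardening-no-bindnow")
    return findings

def make_sample(e_type, dyn):
    """Constructed test image: ELF header, one PT_DYNAMIC phdr, dynamic array."""
    dyn_bytes = b"".join(struct.pack("<qQ", t, v) for t, v in dyn + [(DT_NULL, 0)])
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_DYNAMIC, 6, 120, 0, 0,
                       len(dyn_bytes), len(dyn_bytes), 8)
    return ehdr + phdr + dyn_bytes
```

The images from `make_sample` are only parseable, not loadable; on a real binary pass the file's bytes to `hardening_findings`.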



