On Tue, 26 Aug 2014 11:09:52 -0700 intrigeri@debian.org wrote: > Package: lintian > Version: 2.5.25 > Severity: wishlist > > Hi, > > Lintian has hardening-no-{stackprotector,fortify-functions,relro} > tags, which is great, since they are the default set of hardening > flags set by dpkg-buildflags these days. > > It would be great if PIE and bindnow could be checked to: it would > allow maintainers interested in hardening their stuff further to > easily track what the status is, and especially, to detect regressions > in this area. With my Tails and pkg-perl member hats on, I would be > happy to have this. > > Given PIE and bindnow are not set by default yet, I guess the > corresponding tags (presumably, hardening-no-{pie,bindnow}) should > have Severity = minor or wishlist. > > It seems that the hardening checking code supports PIE and bindnow > already, so all that's needed would be to add a tag, right? > > Thanks a *lot* for Lintian! > > Cheers, > -- > intrigeri > > The "bindnow" part is now in master (anticipated 2.5.40). The "pie" part needs a bit of work because enabling "pie" makes some tests FTBFS (notably gcc gets upset about building a "-static $PIE" binary). Thanks, ~Niels
Attachment:
signature.asc
Description: OpenPGP digital signature