Bug#837548: lintian: Should warn about PE/Windows binaries lacking security features
Package: lintian
Version: 2.5.46
Severity: wishlist
There are some Windows binaries in Debian. For example the installer
ISOs include a Windows installer, but also other packages include these
PE binaries. And these days, Windows binaries should have security
features enabled by default. But not all of them do, and I believe
lintian should detect and warn if we discribute PE binaries without
these features enabled.
Here is an example using a 15 year old binary I had lying around:
% file WirelessCom2.exe
WirelessCom2.exe: PE32 executable (console) Intel 80386, for MS Windows
% pesec WirelessCom2.exe
ASLR: no
DEP/NX: no
SEH: yes
Stack cookies (EXPERIMENTAL): yes
%
Both ASLR and DEP/NX should be enabled in a properly compiled Windows
binary.
The mingw compiler in Debian recently changed its default settings to
enable these (see <URL: https://bugs.debian.org/836365 >), and now I
believe we should add a lintian check to track down all packages in need
of a rebuild.
I'll try to find time to write such lintian check myself, and create
this bug report to make others aware of the idea and to reduce the
chance of duplicate efforts if others are considering the same.
--
Happy hacking
Petter Reinholdtsen
Reply to: