[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#837548: lintian: Should warn about PE/Windows binaries lacking security features

I had a look at this, but am unsure where in the lintian code it is best
to implement such change.  It would be useful with some input from the
Lintian developers on this.  The issue is still relevant, even though
the latest ming compiler changed its default, making rebuilds solve the
issue.  Here is the state from a rebuilt gzip-win32 and the version in
the archive:

% pesec gzip-1.6/debian/gzip-win32/usr/share/win32/gzip.exe
ASLR:                            yes
DEP/NX:                          yes
SEH:                             yes
Stack cookies (EXPERIMENTAL):    yes
% pesec /usr/share/win32/gzip.exe
ASLR:                            no
DEP/NX:                          no
SEH:                             yes
Stack cookies (EXPERIMENTAL):    yes
% file --mime-type /usr/share/win32/gzip.exe
/usr/share/win32/gzip.exe: application/x-dosexec
% file /usr/share/win32/gzip.exe
/usr/share/win32/gzip.exe: PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
%

The lintian check should run pesec on all Windows binaries and warn if
any of the security features are turned off.

-- 
Happy hacking
Petter Reinholdtsen
Reply to: