[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Any progress with FIS GT.M?

Amul,

Thanks for making the changes in the Git repository.

In order to match that new version:

1) I modified changlog to pull :  57f2d896697
2) Removed the insertion of shebang lines from the "rules" file.
3) Removed the incorrect setuid attempt from the "rules" file.
4) Inserted an override_dh_fixperms in the "rules" file.

Then, building with debuild, returns:

Now running lintian...
W: fis-gtm-5.5.000: hardening-no-relro usr/lib/fis-gtm/V5.5-000_x86_64/dse
W: fis-gtm-5.5.000: hardening-no-fortify-functions usr/lib/fis-gtm/V5.5-000_x86_64/dse
W: fis-gtm-5.5.000: hardening-no-relro usr/lib/fis-gtm/V5.5-000_x86_64/ftok
W: fis-gtm-5.5.000: hardening-no-fortify-functions usr/lib/fis-gtm/V5.5-000_x86_64/ftok
W: fis-gtm-5.5.000: hardening-no-relro usr/lib/fis-gtm/V5.5-000_x86_64/geteuid
W: fis-gtm-5.5.000: hardening-no-relro usr/lib/fis-gtm/V5.5-000_x86_64/gtcm_gnp_server
W: fis-gtm-5.5.000: hardening-no-fortify-functions usr/lib/fis-gtm/V5.5-000_x86_64/gtcm_gnp_server
W: fis-gtm-5.5.000: hardening-no-relro usr/lib/fis-gtm/V5.5-000_x86_64/gtcm_pkdisp
W: fis-gtm-5.5.000: hardening-no-fortify-functions usr/lib/fis-gtm/V5.5-000_x86_64/gtcm_pkdisp
W: fis-gtm-5.5.000: hardening-no-relro usr/lib/fis-gtm/V5.5-000_x86_64/gtcm_play
W: fis-gtm-5.5.000: hardening-no-fortify-functions usr/lib/fis-gtm/V5.5-000_x86_64/gtcm_play
W: fis-gtm-5.5.000: hardening-no-relro usr/lib/fis-gtm/V5.5-000_x86_64/gtcm_server
W: fis-gtm-5.5.000: hardening-no-fortify-functions usr/lib/fis-gtm/V5.5-000_x86_64/gtcm_server
W: fis-gtm-5.5.000: hardening-no-relro usr/lib/fis-gtm/V5.5-000_x86_64/gtcm_shmclean
W: fis-gtm-5.5.000: hardening-no-fortify-functions usr/lib/fis-gtm/V5.5-000_x86_64/gtcm_shmclean
W: fis-gtm-5.5.000: hardening-no-relro usr/lib/fis-gtm/V5.5-000_x86_64/gtmsecshr
W: fis-gtm-5.5.000: hardening-no-fortify-functions usr/lib/fis-gtm/V5.5-000_x86_64/gtmsecshr
W: fis-gtm-5.5.000: hardening-no-relro usr/lib/fis-gtm/V5.5-000_x86_64/gtmsecshrdir/gtmsecshr
W: fis-gtm-5.5.000: hardening-no-fortify-functions usr/lib/fis-gtm/V5.5-000_x86_64/gtmsecshrdir/gtmsecshr
W: fis-gtm-5.5.000: hardening-no-relro usr/lib/fis-gtm/V5.5-000_x86_64/libgtmshr.so
W: fis-gtm-5.5.000: hardening-no-fortify-functions usr/lib/fis-gtm/V5.5-000_x86_64/libgtmshr.so
W: fis-gtm-5.5.000: shared-lib-without-dependency-information usr/lib/fis-gtm/V5.5-000_x86_64/libgtmutil.so
W: fis-gtm-5.5.000: hardening-no-relro usr/lib/fis-gtm/V5.5-000_x86_64/lke
W: fis-gtm-5.5.000: hardening-no-fortify-functions usr/lib/fis-gtm/V5.5-000_x86_64/lke
W: fis-gtm-5.5.000: hardening-no-relro usr/lib/fis-gtm/V5.5-000_x86_64/mumps
W: fis-gtm-5.5.000: hardening-no-fortify-functions usr/lib/fis-gtm/V5.5-000_x86_64/mumps
W: fis-gtm-5.5.000: hardening-no-relro usr/lib/fis-gtm/V5.5-000_x86_64/mupip
W: fis-gtm-5.5.000: hardening-no-fortify-functions usr/lib/fis-gtm/V5.5-000_x86_64/mupip
W: fis-gtm-5.5.000: hardening-no-relro usr/lib/fis-gtm/V5.5-000_x86_64/plugin/gtmcrypt/maskpass
W: fis-gtm-5.5.000: hardening-no-fortify-functions usr/lib/fis-gtm/V5.5-000_x86_64/plugin/gtmcrypt/maskpass
W: fis-gtm-5.5.000: hardening-no-relro usr/lib/fis-gtm/V5.5-000_x86_64/plugin/libgtmcrypt.so
W: fis-gtm-5.5.000: hardening-no-fortify-functions usr/lib/fis-gtm/V5.5-000_x86_64/plugin/libgtmcrypt.so
W: fis-gtm-5.5.000: hardening-no-relro usr/lib/fis-gtm/V5.5-000_x86_64/semstat2
W: fis-gtm-5.5.000: hardening-no-fortify-functions usr/lib/fis-gtm/V5.5-000_x86_64/semstat2
W: fis-gtm-5.5.000: shared-lib-without-dependency-information usr/lib/fis-gtm/V5.5-000_x86_64/utf8/libgtmutil.so
W: fis-gtm-5.5.000: non-standard-executable-perm usr/lib/fis-gtm/V5.5-000_x86_64/gtcm_run 0744 != 0755
W: fis-gtm-5.5.000: non-standard-executable-perm usr/lib/fis-gtm/V5.5-000_x86_64/gtcm_slist 0744 != 0755
W: fis-gtm-5.5.000: setuid-binary usr/lib/fis-gtm/V5.5-000_x86_64/gtmsecshr 4755 root/root
W: fis-gtm-5.5.000: non-standard-dir-perm usr/lib/fis-gtm/V5.5-000_x86_64/gtmsecshrdir/ 0700 != 0755
W: fis-gtm-5.5.000: setuid-binary usr/lib/fis-gtm/V5.5-000_x86_64/gtmsecshrdir/gtmsecshr 4700 root/root
W: fis-gtm-5.5.000: executable-is-not-world-readable usr/lib/fis-gtm/V5.5-000_x86_64/gtmsecshrdir/gtmsecshr 4700
W: fis-gtm-5.5.000: non-standard-executable-perm usr/lib/fis-gtm/V5.5-000_x86_64/gtmstart 0744 != 0755
W: fis-gtm-5.5.000: non-standard-executable-perm usr/lib/fis-gtm/V5.5-000_x86_64/gtmstop 0744 != 0755
W: fis-gtm-5.5.000: executable-not-elf-or-script usr/lib/fis-gtm/V5.5-000_x86_64/gtcm_slist
W: fis-gtm-5.5.000: executable-not-elf-or-script usr/lib/fis-gtm/V5.5-000_x86_64/gtmcshrc
W: fis-gtm-5.5.000: executable-not-elf-or-script usr/lib/fis-gtm/V5.5-000_x86_64/gtmprofile
W: fis-gtm-5.5.000: executable-not-elf-or-script usr/lib/fis-gtm/V5.5-000_x86_64/gtmprofile_preV54000
E: fis-gtm-5.5.000: shlib-with-executable-bit usr/lib/fis-gtm/V5.5-000_x86_64/libgtmshr.so 0755
E: fis-gtm-5.5.000: shlib-with-executable-bit usr/lib/fis-gtm/V5.5-000_x86_64/plugin/libgtmcrypt.so 0755
N: 1 tag overridden (1 warning)

Therefore:

A) we still have warnings with the scripts:

gtcm_slist
gtmcshrc
gtmprofile
gtmprofile_preV54000


B) The two .so shared libraries, apparently shouldn't
     have executable permissions. Any objection to
     removing those executable permissions ?

     I'll experiment removing those permissions as part
    of the override_dh_fixperms.


Great news is that Yaroslav's finding of dh_fixperms
seems to be the solution to the struggle we were
having with the setuid  !        :-)



     Luis


Reply to: