Re: Any progress with FIS GT.M?
Amul,
Thanks for making the changes in the Git repository.
In order to match that new version:
1) I modified changlog to pull : 57f2d896697
2) Removed the insertion of shebang lines from the "rules" file.
3) Removed the incorrect setuid attempt from the "rules" file.
4) Inserted an override_dh_fixperms in the "rules" file.
Then, building with debuild, returns:
Now running lintian...
W: fis-gtm-5.5.000: hardening-no-relro usr/lib/fis-gtm/V5.5-000_x86_64/dse
W: fis-gtm-5.5.000: hardening-no-fortify-functions usr/lib/fis-gtm/V5.5-000_x86_64/dse
W: fis-gtm-5.5.000: hardening-no-relro usr/lib/fis-gtm/V5.5-000_x86_64/ftok
W: fis-gtm-5.5.000: hardening-no-fortify-functions usr/lib/fis-gtm/V5.5-000_x86_64/ftok
W: fis-gtm-5.5.000: hardening-no-relro usr/lib/fis-gtm/V5.5-000_x86_64/geteuid
W: fis-gtm-5.5.000: hardening-no-relro usr/lib/fis-gtm/V5.5-000_x86_64/gtcm_gnp_server
W: fis-gtm-5.5.000: hardening-no-fortify-functions usr/lib/fis-gtm/V5.5-000_x86_64/gtcm_gnp_server
W: fis-gtm-5.5.000: hardening-no-relro usr/lib/fis-gtm/V5.5-000_x86_64/gtcm_pkdisp
W: fis-gtm-5.5.000: hardening-no-fortify-functions usr/lib/fis-gtm/V5.5-000_x86_64/gtcm_pkdisp
W: fis-gtm-5.5.000: hardening-no-relro usr/lib/fis-gtm/V5.5-000_x86_64/gtcm_play
W: fis-gtm-5.5.000: hardening-no-fortify-functions usr/lib/fis-gtm/V5.5-000_x86_64/gtcm_play
W: fis-gtm-5.5.000: hardening-no-relro usr/lib/fis-gtm/V5.5-000_x86_64/gtcm_server
W: fis-gtm-5.5.000: hardening-no-fortify-functions usr/lib/fis-gtm/V5.5-000_x86_64/gtcm_server
W: fis-gtm-5.5.000: hardening-no-relro usr/lib/fis-gtm/V5.5-000_x86_64/gtcm_shmclean
W: fis-gtm-5.5.000: hardening-no-fortify-functions usr/lib/fis-gtm/V5.5-000_x86_64/gtcm_shmclean
W: fis-gtm-5.5.000: hardening-no-relro usr/lib/fis-gtm/V5.5-000_x86_64/gtmsecshr
W: fis-gtm-5.5.000: hardening-no-fortify-functions usr/lib/fis-gtm/V5.5-000_x86_64/gtmsecshr
W: fis-gtm-5.5.000: hardening-no-relro usr/lib/fis-gtm/V5.5-000_x86_64/gtmsecshrdir/gtmsecshr
W: fis-gtm-5.5.000: hardening-no-fortify-functions usr/lib/fis-gtm/V5.5-000_x86_64/gtmsecshrdir/gtmsecshr
W: fis-gtm-5.5.000: hardening-no-relro usr/lib/fis-gtm/V5.5-000_x86_64/libgtmshr.so
W: fis-gtm-5.5.000: hardening-no-fortify-functions usr/lib/fis-gtm/V5.5-000_x86_64/libgtmshr.so
W: fis-gtm-5.5.000: shared-lib-without-dependency-information usr/lib/fis-gtm/V5.5-000_x86_64/libgtmutil.so
W: fis-gtm-5.5.000: hardening-no-relro usr/lib/fis-gtm/V5.5-000_x86_64/lke
W: fis-gtm-5.5.000: hardening-no-fortify-functions usr/lib/fis-gtm/V5.5-000_x86_64/lke
W: fis-gtm-5.5.000: hardening-no-relro usr/lib/fis-gtm/V5.5-000_x86_64/mumps
W: fis-gtm-5.5.000: hardening-no-fortify-functions usr/lib/fis-gtm/V5.5-000_x86_64/mumps
W: fis-gtm-5.5.000: hardening-no-relro usr/lib/fis-gtm/V5.5-000_x86_64/mupip
W: fis-gtm-5.5.000: hardening-no-fortify-functions usr/lib/fis-gtm/V5.5-000_x86_64/mupip
W: fis-gtm-5.5.000: hardening-no-relro usr/lib/fis-gtm/V5.5-000_x86_64/plugin/gtmcrypt/maskpass
W: fis-gtm-5.5.000: hardening-no-fortify-functions usr/lib/fis-gtm/V5.5-000_x86_64/plugin/gtmcrypt/maskpass
W: fis-gtm-5.5.000: hardening-no-relro usr/lib/fis-gtm/V5.5-000_x86_64/plugin/libgtmcrypt.so
W: fis-gtm-5.5.000: hardening-no-fortify-functions usr/lib/fis-gtm/V5.5-000_x86_64/plugin/libgtmcrypt.so
W: fis-gtm-5.5.000: hardening-no-relro usr/lib/fis-gtm/V5.5-000_x86_64/semstat2
W: fis-gtm-5.5.000: hardening-no-fortify-functions usr/lib/fis-gtm/V5.5-000_x86_64/semstat2
W: fis-gtm-5.5.000: shared-lib-without-dependency-information usr/lib/fis-gtm/V5.5-000_x86_64/utf8/libgtmutil.so
W: fis-gtm-5.5.000: non-standard-executable-perm usr/lib/fis-gtm/V5.5-000_x86_64/gtcm_run 0744 != 0755
W: fis-gtm-5.5.000: non-standard-executable-perm usr/lib/fis-gtm/V5.5-000_x86_64/gtcm_slist 0744 != 0755
W: fis-gtm-5.5.000: setuid-binary usr/lib/fis-gtm/V5.5-000_x86_64/gtmsecshr 4755 root/root
W: fis-gtm-5.5.000: non-standard-dir-perm usr/lib/fis-gtm/V5.5-000_x86_64/gtmsecshrdir/ 0700 != 0755
W: fis-gtm-5.5.000: setuid-binary usr/lib/fis-gtm/V5.5-000_x86_64/gtmsecshrdir/gtmsecshr 4700 root/root
W: fis-gtm-5.5.000: executable-is-not-world-readable usr/lib/fis-gtm/V5.5-000_x86_64/gtmsecshrdir/gtmsecshr 4700
W: fis-gtm-5.5.000: non-standard-executable-perm usr/lib/fis-gtm/V5.5-000_x86_64/gtmstart 0744 != 0755
W: fis-gtm-5.5.000: non-standard-executable-perm usr/lib/fis-gtm/V5.5-000_x86_64/gtmstop 0744 != 0755
W: fis-gtm-5.5.000: executable-not-elf-or-script usr/lib/fis-gtm/V5.5-000_x86_64/gtcm_slist
W: fis-gtm-5.5.000: executable-not-elf-or-script usr/lib/fis-gtm/V5.5-000_x86_64/gtmcshrc
W: fis-gtm-5.5.000: executable-not-elf-or-script usr/lib/fis-gtm/V5.5-000_x86_64/gtmprofile
W: fis-gtm-5.5.000: executable-not-elf-or-script usr/lib/fis-gtm/V5.5-000_x86_64/gtmprofile_preV54000
E: fis-gtm-5.5.000: shlib-with-executable-bit usr/lib/fis-gtm/V5.5-000_x86_64/libgtmshr.so 0755
E: fis-gtm-5.5.000: shlib-with-executable-bit usr/lib/fis-gtm/V5.5-000_x86_64/plugin/libgtmcrypt.so 0755
N: 1 tag overridden (1 warning)
Therefore:
A) we still have warnings with the scripts:
gtcm_slist
gtmcshrc
gtmprofile
gtmprofile_preV54000
B) The two .so shared libraries, apparently shouldn't
have executable permissions. Any objection to
removing those executable permissions ?
I'll experiment removing those permissions as part
of the override_dh_fixperms.
Great news is that Yaroslav's finding of dh_fixperms
seems to be the solution to the struggle we were
having with the setuid ! :-)
Luis
Reply to: