
resiprocate/hardening-no-fortify-functions problems






http://mentors.debian.net/package/resiprocate


I added the following to debian/rules:

DEB_BUILD_MAINT_OPTIONS = hardening=+all
DPKG_EXPORT_BUILDFLAGS = 1
include /usr/share/dpkg/buildflags.mk

During the build, I notice the *FLAGS values appear to be set, e.g.

/bin/bash ../libtool --tag=CXX   --mode=link g++  -g -O2 -fPIE
-fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security
-Werror=format-security -Wall -Wno-deprecated  -fPIE -pie -Wl,-z,relro
-Wl,-z,now -lcares -o repro repro.o librepro.la ../resip/dum/libdum.la
../resip/stack/libresip.la ../rutil/librutil.la -lssl -lpthread


After building, I check the binaries. It seems to think they were
hardened, but there are some intermittent issues with `Fortify Source
functions', and lintian (on mentors) complains - but it only complains
for two of the binaries, repro and libdum-1.8.so:

$ hardening-check debian/repro/usr/sbin/repro
debian/repro/usr/sbin/repro:
 Position Independent Executable: yes
 Stack protected: yes
 Fortify Source functions: unknown, no protectable libc functions used
 Read-only relocations: yes
 Immediate binding: yes

$ hardening-check debian/libresiprocate-1.8/usr/lib/libdum-1.8.so
debian/libresiprocate-1.8/usr/lib/libdum-1.8.so:
 Position Independent Executable: no, regular shared library (ignored)
 Stack protected: yes
 Fortify Source functions: no, only unprotected functions found!
 Read-only relocations: yes
 Immediate binding: yes

$ hardening-check debian/libresiprocate-1.8/usr/lib/libresip-1.8.so
debian/libresiprocate-1.8/usr/lib/libresip-1.8.so:
 Position Independent Executable: no, regular shared library (ignored)
 Stack protected: yes
 Fortify Source functions: yes (some protected functions found)
 Read-only relocations: yes
 Immediate binding: yes
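
The three `Fortify Source functions` verdicts in the output above can be modelled as a comparison over a binary's imported symbols. This is an added example, not part of the original post and not hardening-check's own code: it assumes the verdict comes from comparing imported libc names with their `__<name>_chk` counterparts, and `FORTIFIABLE`, `imported_functions`, `fortify_verdict` and `constructed_dynsym` are hypothetical names.

```python
import re

# Assumption: a small subset of the glibc functions that have a fortified
# __<name>_chk counterpart; the real set is considerably larger.
FORTIFIABLE = {"memcpy", "memmove", "memset", "strcpy", "strncpy", "strcat",
               "sprintf", "snprintf", "vsnprintf", "fgets", "read", "printf"}

def imported_functions(readelf_text):
    """Names of undefined (imported) FUNC symbols in `readelf --dyn-syms -W` text."""
    names = set()
    for line in readelf_text.splitlines():
        f = line.split()  # Num: Value Size Type Bind Vis Ndx Name [(ver)]
        if len(f) >= 8 and f[3] == "FUNC" and f[6] == "UND":
            names.add(f[7].split("@")[0])  # drop the @GLIBC_x.y version suffix
    return names

def fortify_verdict(readelf_text):
    """Return (verdict, protected, unprotected) using the wording shown in the post."""
    syms = imported_functions(readelf_text)
    protected, unprotected = set(), set()
    for s in syms:
        m = re.fullmatch(r"__(\w+)_chk", s)  # __stack_chk_fail does not match
        if m and m.group(1) in FORTIFIABLE:
            protected.add(m.group(1))
        elif s in FORTIFIABLE:
            unprotected.add(s)
    if protected:
        verdict = "yes (some protected functions found)"
    elif unprotected:
        verdict = "no, only unprotected functions found!"
    else:
        verdict = "unknown, no protectable libc functions used"
    return verdict, sorted(protected), sorted(unprotected)

def constructed_dynsym(*names):
    """Build readelf-style rows from names (constructed sample data, not real output)."""
    rows = ["   Num:    Value          Size Type    Bind   Vis      Ndx Name"]
    for i, n in enumerate(names, 1):
        rows.append(f"{i:6}: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND {n}@GLIBC_2.4 (2)")
    return "\n".join(rows)

if __name__ == "__main__":
    samples = {
        "only plain calls": constructed_dynsym("memcpy", "strlen", "__stack_chk_fail"),
        "mixed calls": constructed_dynsym("__memcpy_chk", "memcpy", "__sprintf_chk"),
        "nothing fortifiable": constructed_dynsym("strlen", "pthread_create"),
    }
    for label, text in samples.items():
        print(label, "->", fortify_verdict(text))
```

Under this model a "no" verdict says only that no `__*_chk` import was seen alongside the fortifiable calls, and "unknown" means there was nothing to compare.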

