On Wed, Dec 12, 2012 at 10:50:49PM +1100, Alex Z wrote: > Hi, Helmut! It's me again. > > Almost all notices you mentioned below are fixed. At least, now we > have manpages. :-) > > But i have some difficulties with hardening. > I cleanly see, that all required flags gets used during build > process, for example: > > cc -D_FORTIFY_SOURCE=2 -DUDPXREC_MOD -DNDEBUG -DTRACE_MODULE -c > udpxy.c -o udpxy.o > cc -D_FORTIFY_SOURCE=2 -DUDPXREC_MOD -DNDEBUG -DTRACE_MODULE -c > sloop.c -o sloop.o > > for compiling, and > > cc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat > -Werror=format-security -Wl,-z,relro -DUDPXREC_MOD -DNDEBUG > -DTRACE_MODULE -o udpxy udpxy.o sloop.o rparse.o util.o prbuf.o > ifaddr.o ctx.o mkpg.o rtp.o uopt.o dpkt.o netop.o extrn.o main.o > udpxrec.o > > for linking. But lintian says, that "udpxy: > hardening-no-fortify-functions usr/bin/udpxrec". > Can it be false-positive? The linking line that you pasted above is the one used to create the udpxy executable file, while Lintian complains about a file named udpxrec. Is udpxrec a separate program? If so, you should look at the way it is linked (find the link line in the log that generates a udpxreg executable, a line that contains something like '-o udpxrec'). If udpxrec is really the name that udpxy is installed as (or if it is a hardlink or something similar to udpxy), then the situation is a bit more complicated. Can you post your full build log? G'luck, Peter -- Peter Pentchev roam@ringlet.net roam@FreeBSD.org p.penchev@storpool.com PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint 2EE7 A7A5 17FC 124C F115 C354 651E EFB0 2527 DF13 Thit sentence is not self-referential because "thit" is not a word.
Attachment:
signature.asc
Description: Digital signature