Bug#759751: libutempter: Please enable hardening compiler flags

To: 759751@bugs.debian.org, Simon Ruderich <simon@ruderich.org>
Subject: Bug#759751: libutempter: Please enable hardening compiler flags
From: Felix Geyer <fgeyer@debian.org>
Date: Fri, 29 May 2015 20:27:48 +0200
Message-id: <[🔎] 5568AFA4.2040907@debian.org>
Reply-to: Felix Geyer <fgeyer@debian.org>, 759751@bugs.debian.org
In-reply-to: <20140829230617.GA30000@ruderich.org>
References: <20140829230617.GA30000@ruderich.org> <20140829230617.GA30000@ruderich.org>

Hi,

On Sat, 30 Aug 2014 01:06:17 +0200 Simon Ruderich <simon@ruderich.org> wrote:
> Source: libutempter
> Version: 1.1.5-4
> Severity: normal
> Tags: patch
> 
> Hello,
> 
> libutempter provides a setgid binary and therefore should enable
> all possible compiler hardening options.
> 
> The attached patch enables compat=9 to automatically use
> hardening flags from dpkg-buildpackage. However the build system
> has a bug which drops compiler flags from the environment and
> therefore the second attached patch is also necessary. It should
> be sent upstream.

I agree that we should enable hardening build flags.

The PIE flags should however only be passed when linking executables.
Your patch passes it to both the library and the executable.

Cheers,
Felix

Reply to:

Prev by Date: Bug#779915: marked as done (extra-cmake-modules: Should use dh_sphinxdoc)
Next by Date: Processed: forcibly merging 698590 718184
Previous by thread: Bug#779915: marked as done (extra-cmake-modules: Should use dh_sphinxdoc)
Next by thread: Processed: forcibly merging 698590 718184
Index(es):
- Date
- Thread