On Tue, May 29, 2012 at 07:46:17AM +0900, Hideki Yamane wrote: > Hi Simon, > > Thanks again for the lesson :)
Hi Hideki, No problem ;-) Thanks for applying the patch so quickly. > If hardening-check would says all hardening functions are enabled, > do I need to check it with blhc, too? If you want to be certain that no flags are missing, yes. `hardening-check` can only check the resulting binary, but it can't know if the flags were missing for a few files, which may lead to false negatives. Consider one file is not built with -D_FORTIFY_SOURCE=2 but the rest is. If there are protected functions in the other files, `hardening-check` will (have to) tell you everything is fine, even if they are missing for this single file. `blhc` will detect it. Regards, Simon -- + privacy is necessary + using gnupg http://gnupg.org + public key id: 0x92FEFDB7E44C32F9
pgpuSIhCLaPdu.pgp
Description: PGP signature