-=| Moritz Muehlenhoff, 07.01.2012 14:13:56 +0100 |=- > - relro should on "yes" in all cases. That's the case for the > binaries I checked, so all seems fine.
Right. > - The test for a protected stack cannot show that it's activated if > the tested code doesn't use arrays on the stack. Since that's the > case for a few binaries I tested everything seems fine. In my tests, I get only one "Stack protected: no, not found!" and that is for /usr/sbin/fb_inet_server (firebird2.5-classic package). This is one of the simplest binaries, as it contains only one object and a few lines of code, passing control to a shared library it is linked with. This one should be fine indeed. > - The check for fortified source functions depends on the use of > such functions. If none of them are present the error "no > protectable libc functions used" is shown. However, there are also > results that show "no" (e.g. /usr/bin/fbsvcmgr). As such, there > might indeed be a problem with the LDFLAGS being overwritten. Most of the binaries suffer from this, and in the end the reason appears to be missing usage of CPPFLAGS when compiling C++ sources. The following patch seems to fix the problem: ======================================================= --- a/builds/posix/make.rules +++ b/builds/posix/make.rules @@ -33,7 +33,7 @@ # Please don't use compiler/platform specific flags here - nmcc 02-Nov-2002 WFLAGS:=-I$(SRC_ROOT)/include/gen -I$(SRC_ROOT)/include -I$(SRC_ROOT)/vulcan \ - -DNAMESPACE=Vulcan + $(CPPFLAGS) -DNAMESPACE=Vulcan ifeq ($(STD_ICU),false) WFLAGS:= $(WFLAGS) -I$(ROOT)/extern/icu/source/common -I$(ROOT)/extern/icu/source/i18n ======================================================= Alex, is this the right place to plug CPPFLAGS?
signature.asc
Description: Digital signature