---------- Forwarded message ----------
From: Moritz Muehlenhoff <[email protected]>
Date: Thu, Jan 5, 2012 at 10:46 PM
Subject: [pkg-firebird-general] Bug#654793: Hardening flags not fully enabled
To: Debian Bug Tracking System <[email protected]>

Source: firebird2.5
Severity: important

Hi,
I'm currently checking all packages which had a DSA in the last year, to enable hardened build flags.

firebird2.5 has already been updated to use dpkg-buildflags, but I noticed that not all flags are fully in effect. You can use the hardening-check scripts from the package hardening-includes:

Out of the three hardening features from the Wheezy default set (protected stack, fortified source and relro) not all are fully applied, e.g.

root@pisco:~# hardening-check /usr/sbin/fb_inet_server
/usr/sbin/fb_inet_server:
 Stack protected: no, not found!
 Fortify Source functions: unknown, no protectable libc functions used
 Read-only relocations: yes

root@pisco:~# hardening-check /usr/bin/fbsvcmgr
/usr/bin/fbsvcmgr:
 Stack protected: yes
 Fortify Source functions: no, no protected functions found!
 Read-only relocations: yes

root@pisco:~# hardening-check /usr/lib/x86_64-linux-gnu/libfbclient.so.2.5.2
/usr/lib/x86_64-linux-gnu/libfbclient.so.2.5.2:
 Stack protected: yes
 Fortify Source functions: no, no protected functions found!
 Read-only relocations: yes

The reason is likely that some parts of the Firebird build system hardcode specific flags, which nullify the hardened build flags?

Cheers,
Moritz

_______________________________________________
pkg-firebird-general mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-firebird-general

Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
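Added example, not part of the original message and not code from Firebird, Debian or hardening-check: one way to test the hypothesis in the report is to scan the build log and work out which of the three features survives on each compiler command line once later flags have overridden earlier ones. The sample log, the file names in it and the simplified "last flag wins" model are assumptions made for illustration.

```python
import shlex

COMPILERS = ("gcc", "g++", "cc", "c++")  # assumed driver names in the log

# Constructed build-log excerpt (not taken from a real Firebird build).
SAMPLE_LOG = """\
g++ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -c a.cpp -o a.o
g++ -g -O2 -fstack-protector -D_FORTIFY_SOURCE=2 -O0 -fno-stack-protector -c b.cpp -o b.o
g++ -Wl,-z,relro -o demo_server a.o b.o
g++ -o demo_tool a.o
"""

def effective_flags(tokens):
    """Apply flags left to right; a later flag overrides an earlier one."""
    state = {"stack protector": False, "fortify source": False, "relro": False}
    fortify_level, optimised = 0, False
    for tok in tokens:
        if tok.startswith("-fstack-protector"):
            state["stack protector"] = True
        elif tok == "-fno-stack-protector":
            state["stack protector"] = False
        elif tok.startswith("-D_FORTIFY_SOURCE="):
            fortify_level = int(tok.split("=", 1)[1])
        elif tok == "-U_FORTIFY_SOURCE":
            fortify_level = 0
        elif tok.startswith("-O"):
            optimised = tok != "-O0"
        elif tok.startswith("-Wl,"):
            for opt in tok.split(",")[1:]:
                if opt in ("relro", "norelro"):
                    state["relro"] = opt == "relro"
    # _FORTIFY_SOURCE has no effect unless optimisation is enabled.
    state["fortify source"] = fortify_level > 0 and optimised
    return state

def audit(log):
    """Map log line number -> hardening features missing on that command."""
    findings = {}
    for lineno, line in enumerate(log.splitlines(), 1):
        tokens = shlex.split(line)
        if not tokens or tokens[0] not in COMPILERS:
            continue
        state = effective_flags(tokens[1:])
        # Compile steps (-c) need the compiler features; link steps need relro.
        wanted = ("stack protector", "fortify source") if "-c" in tokens else ("relro",)
        missing = [f for f in wanted if not state[f]]
        if missing:
            findings[lineno] = missing
    return findings

if __name__ == "__main__":
    for lineno, missing in audit(SAMPLE_LOG).items():
        print(f"line {lineno}: missing {', '.join(missing)}")
```

On the constructed log, line 2 shows the pattern suspected in the report: the hardened flags are present, but a hardcoded `-O0 -fno-stack-protector` later on the same command line cancels them.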
