[Pkg-auth-maintainers] Bug#800578: request for help: fix hardening-no-fortify-functions lintian warning

Simon Josefsson simon at josefsson.org
Thu Oct 1 06:47:36 UTC 2015


Package: yubikey-personalization-gui
Severity: wishlist

This package generates a lintian warning:

N: Processing binary package yubikey-personalization-gui (version 3.1.22-1, arch amd64) ...
I: yubikey-personalization-gui: hardening-no-fortify-functions usr/bin/yubikey-personalization-gui
N: 
N:    This package provides an ELF binary that lacks the use of fortified libc
N:    functions. Either there are no potentially unfortified functions called
N:    by any routines, all unfortified calls have already been fully validated
N:    at compile-time, or the package was not built with the default Debian
N:    compiler flags defined by dpkg-buildflags. If built using
N:    dpkg-buildflags directly, be sure to import CPPFLAGS.
N:    
N:    NB: Due to false-positives, Lintian ignores some unprotected functions
N:    (e.g. memcpy).
N:    
N:    Refer to https://wiki.debian.org/Hardening and
N:    https://bugs.debian.org/673112 for details.
N:    
N:    Severity: normal, Certainty: wild-guess
N:    
N:    Check: binaries, Type: binary, udeb

I have read https://wiki.debian.org/Hardening but haven't been able to
fix this.

Running blhc on the build log produces nothing:

jas at latte:~/src/yubikey-personalization-gui-dpkg$ blhc ../yubikey-personalization-gui_3.1.22-1_amd64.build
jas at latte:~/src/yubikey-personalization-gui-dpkg$ 

Indeed hardening-check complains about fortify source functions:

jas at latte:~/src/yubikey-personalization-gui-dpkg$ hardening-check /usr/bin/yubikey-personalization-gui
/usr/bin/yubikey-personalization-gui:
 Position Independent Executable: yes
 Stack protected: yes
 Fortify Source functions: no, only unprotected functions found!
 Read-only relocations: yes
 Immediate binding: yes
jas at latte:~/src/yubikey-personalization-gui-dpkg$ 

Please help if you can!

/Simon
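
As an added illustration (not part of the original message and not hardening-check's own code), this Python sketch approximates a symbol-based fortify check: a binary counts as fortified when it imports `__<name>_chk` variants instead of the plain libc names. The function list is an illustrative subset, both `readelf --dyn-syms -W` listings are constructed samples, and the verdict strings other than the one quoted above are assumptions.

```python
# Illustrative subset of glibc functions that have a __<name>_chk variant.
FORTIFIABLE = {"memcpy", "memmove", "memset", "strcpy", "strncpy", "strcat",
               "strncat", "sprintf", "snprintf", "vsprintf", "fgets", "read"}

# Constructed sample: built without -D_FORTIFY_SOURCE=2 in CPPFLAGS.
UNFORTIFIED_SAMPLE = """
   Num:    Value          Size Type    Bind   Vis      Ndx Name
     0: 0000000000000000     0 NOTYPE  LOCAL  DEFAULT  UND
     1: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND strcpy@GLIBC_2.2.5 (2)
     2: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND sprintf@GLIBC_2.2.5 (2)
     3: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __stack_chk_fail@GLIBC_2.4 (3)
"""

# Constructed sample: same imports after a fortified, optimized build.
FORTIFIED_SAMPLE = """
   Num:    Value          Size Type    Bind   Vis      Ndx Name
     1: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __strcpy_chk@GLIBC_2.3.4 (4)
     2: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __sprintf_chk@GLIBC_2.3.4 (4)
     3: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND memcpy@GLIBC_2.14 (5)
     4: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __stack_chk_fail@GLIBC_2.4 (3)
"""

def undefined_symbols(readelf_text):
    """Return names of imported (Ndx == UND) symbols, version suffix stripped."""
    names = set()
    for line in readelf_text.splitlines():
        fields = line.split()
        if len(fields) >= 8 and fields[0].rstrip(":").isdigit() and fields[6] == "UND":
            names.add(fields[7].split("@")[0])
    return names

def classify(names, ignore=frozenset({"memcpy"})):
    """Return (verdict, protected, unprotected); memcpy is skipped by default,
    following the lintian note about false positives."""
    protected = sorted(n[2:-4] for n in names
                       if n.startswith("__") and n.endswith("_chk")
                       and n[2:-4] in FORTIFIABLE)
    unprotected = sorted(n for n in names if n in FORTIFIABLE and n not in ignore)
    if protected:
        verdict = "yes"
    elif unprotected:
        verdict = "no, only unprotected functions found!"
    else:
        verdict = "unknown, no protectable functions used"
    return verdict, protected, unprotected

if __name__ == "__main__":
    for label, text in (("unfortified", UNFORTIFIED_SAMPLE), ("fortified", FORTIFIED_SAMPLE)):
        print(label, classify(undefined_symbols(text)))
```

Feeding it the real output of `readelf --dyn-syms -W` for the installed binary shows which imports drive the verdict, which helps separate a missing CPPFLAGS import from a binary that simply calls no fortifiable functions.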