[Pkg-pascal-devel] Lintian errors and warnings on FPC
Abou Al Montacir
abou.almontacir at sfr.fr
Tue Jan 25 08:33:30 GMT 2022
Hi,
On Tue, 2022-01-25 at 07:05 +0000, peter green wrote:
> On 25/01/2022 06:14, David Bannon wrote:
> > that would also cover the situation that now applies to eg x86-64 and Arm
> > too where hardening does not work with a statically linked binary, you need
> > to manually force it to be a dynamic link first.
> >
> > Your question? Personally I see little benefit in hardening on a single
> > user, private system. But agree that it's a very good thing on what we
> > generally call a server. We should be able to do it!
> >
> To me it's less about the system and more about the program. There are two key
> questions.
>
> 1. To what extent is the program used to process untrusted data. The bottom
> line with compilers and related tools is that most of the time people use
> them on a codebase they plan to execute, so there is little to be gained by
> attacking them.
>
> 2. To what extent does the language and programming style help avoid the kind
> of screwups that lead to hardening being created in the first place. I'd say
> in this regard Borland style Pascal is better than C, possibly slightly worse
> than modern C++, much worse than Rust.
>
> How many Pascal programs in Debian are there that do not link against the
> (dynamic) C library for one reason or another *and* are likely to be used to
> process untrusted data?
> Is the inability to harden static binaries really that big a deal?
Personally, I'd prefer robustness against performance, but have no clue what
kind of attacks we may encounter if lacking hardening.
I don't have time, for now, to query this, and taking into account the remarks
and questions above, I would say let's keep this as is?
No override, live with it until we get a clear decision on whether we should do
it or not. It will not matter too much as anyway there are less than 1k systems
installing FPC, so not a nice target for an attacker.
--
Cheers,
Abou Al Montacir