[Pkg-pascal-devel] Lintian errors and warnings on FPC

[David Bannon]

On Tue, 2022-01-25 at 09:33 +0100, Abou Al Montacir wrote:
> Personally, I'd prefer robustness against performance, but have no
> clue what kind of attacks we may encounter if lacking hardening.

Just to be clear here, hardening is unavailable on PPC64el but works
fine on Intel and Arm platforms, most other as well but no personal
knowledge there.

So, hardening, being a Debian preferred model can, and perhaps should
be applied to all the binaries in FPC and Lazarus if thats how you feel
about it. It would be a patch applied to either the makefile or one scr
file per binary, depending on the type of binary. Those that are
already dynamicly linked, just need a couple of extra switches applied
to their respective entry in the makefile, I believe that happens
already for some, more significent fpc binaries.

A special case is where the binary is only statically linked because
its a small, single function thing that does not need to be linked
externally. There are a handful of such binaries in FPC. In their case,
they need the src patched to add eg {$linklib c}, that forces an
otherwise unnecessary link to the C libs and therefore dynamic linking,
then just add the -Cg -k-pie -k-znow

Or, somewhat messier, I found you can explicitly name the loader on the
linker line

fpc -Cg -k-pie -k-znow -k"--dynamic-linker /lib64/ld-linux-x86-64.so.2" 
test.pas



> I don't have time, for now, to query this, and taking into accounts
> remarks and questions above, I would say let's keep this as is?
> No override, live with it until we get a clear decision on whether we
> should do it or not.

I certainly agree its not a case for an override, if its wrong, it
needs to be flagged wrong. We can choose a temporary patch based fix or
leave them unhardened, for now, flagged as such.

Davo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-pascal-devel/attachments/20220126/daf1ce21/attachment.htm>