Bug#663605: vim: LDFLAGS hardening flags missing for xxd

Simon Ruderich simon at ruderich.org
Mon Mar 12 16:44:56 UTC 2012


Source: vim
Version: 2:7.3.429-2
Severity: important
Tags: patch

Dear Maintainer,

The LDFLAGS hardening flags are missing for xxd because the
Makefile doesn't use them.

The attached patch fixes the issue. If possible it should be sent
to upstream.

To check if all flags were correctly enabled you can use
`hardening-check` from the hardening-includes package and check
the build log (hardening-check doesn't catch everything):

    $ hardening-check /usr/bin/xxd
    /usr/bin/xxd:
     Position Independent Executable: no, normal executable!
     Stack protected: no, not found!
     Fortify Source functions: yes (some protected functions found)
     Read-only relocations: yes
     Immediate binding: no not found!

(Position Independent Executable and Immediate binding are not
enabled by default.)

Use

    find -type f \( -executable -o -name \*.so\* \) -exec hardening-check {} +

on the build result to check all files.

Regards,
Simon

[1]: https://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
[2]: https://wiki.debian.org/HardeningWalkthrough
[3]: https://wiki.debian.org/Hardening

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

-------------- next part --------------
A non-text attachment was scrubbed...
Name: xxd-ldflags.patch
Type: text/x-diff
Size: 566 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-vim-maintainers/attachments/20120312/dc4b1be6/attachment.patch>
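
The build-log check mentioned in the message, sketched as an added example (it is not part of the original message or the attached patch): it flags compiler link commands that lack the relro linker option, which is what a Makefile that ignores LDFLAGS produces. The sample log is constructed, and the function and constant names are hypothetical.

```python
import re
import shlex

# Matches gcc, cc, g++, clang, versioned (gcc-4.6) and cross-prefixed names.
COMPILER_RE = re.compile(r"(^|[-/])(gcc|g\+\+|cc|c\+\+|clang)(-[\d.]+)?$")
NON_LINK_SWITCHES = {"-c", "-S", "-E", "-M", "-MM"}

# Constructed sample build log: the last command links xxd without LDFLAGS.
SAMPLE_LOG = """\
make[1]: Entering directory '/build/src'
gcc -c -g -O2 -fstack-protector -D_FORTIFY_SOURCE=2 -o objects/main.o main.c
gcc -Wl,-z,relro -o vim objects/main.o -lm -ltinfo
cd xxd; make -f Makefile
cc -g -O2 -fstack-protector -D_FORTIFY_SOURCE=2 -DUNIX -o xxd xxd.c
"""

def linker_z_keywords(tokens):
    """Return the -z keywords handed to the linker through -Wl,... options."""
    args = []
    for tok in tokens:
        if tok.startswith("-Wl,"):
            args.extend(tok[4:].split(","))
    keywords = set()
    for i, arg in enumerate(args):
        if arg == "-z" and i + 1 < len(args):
            keywords.add(args[i + 1])      # -Wl,-z,relro or -Wl,-z -Wl,relro
        elif arg.startswith("-z") and len(arg) > 2:
            keywords.add(arg[2:])          # -Wl,-zrelro
    return keywords

def unhardened_links(log_text, required=("relro",)):
    """List (line number, output file, missing -z keywords) for link commands.

    "relro" corresponds to -Wl,-z,relro, the default hardening LDFLAGS on
    Debian; add "now" when immediate binding is expected as well.
    """
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        try:
            tokens = shlex.split(line)
        except ValueError:
            continue                       # unbalanced quotes: not a command
        if not tokens or not COMPILER_RE.search(tokens[0]):
            continue
        if NON_LINK_SWITCHES & set(tokens) or "-o" not in tokens[:-1]:
            continue                       # compile-only step or no output
        output = tokens[tokens.index("-o") + 1]
        present = linker_z_keywords(tokens)
        missing = [kw for kw in required if kw not in present]
        if missing:
            findings.append((lineno, output, missing))
    return findings
```
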