Enable hardening options, use debian packaging compat 9
Bug #1019829 reported by
Devid Antonio Filoni
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
elementary OS |
Fix Released
|
Wishlist
|
Devid Antonio Filoni | ||
0.3-freya |
Fix Released
|
Wishlist
|
Sergey "Shnatsel" Davidoff |
Bug Description
I think you should enable hardening options like in Debian.
WHY?
http://
HOW TO DO THIS (that's how I would do it):
- Backport debhelper 9.20120417 to precise
- Add debhelper (>= 9.20120417) in Build-Depends field to each debian/control
- Change debian/compat to 9 in each Debian package
NOTE:
Please don't override flags in your CMakeLists.txt files.
Example:
http://
Changed in elementaryos: | |
status: | New → In Progress |
assignee: | nobody → Devid Antonio Filoni (d.filoni) |
Changed in elementaryos: | |
importance: | Undecided → Wishlist |
no longer affects: | appcenter |
To post a comment you must log in.
I backported debhelper [1] and tested a granite build [2].
In Precise hardening flags are enabled but due to a CMake bug [3] (fixed in debhelper 9.20120417) CPPFLAGS are ignored. CPPFLAGS variable is used in Ubuntu/Debian to pass -D_FORTIFY_SOURCE=2 flag to compiler.
Now, with the backported package and the changes described above looks like CPPFLAGS are recognized by compiler [4].
UBUNTU HARDENING FLAGS: ssp-buffer- size=4 -Wformat -Wformat-security ssp-buffer- size=4 -Wformat -Wformat-security functions -Wl,-z,relro
dpkg-buildpackage: export CFLAGS from dpkg-buildflags (origin: vendor): -g -O2 -fstack-protector --param=
dpkg-buildpackage: export CPPFLAGS from dpkg-buildflags (origin: vendor): -D_FORTIFY_SOURCE=2
dpkg-buildpackage: export CXXFLAGS from dpkg-buildflags (origin: vendor): -g -O2 -fstack-protector --param=
dpkg-buildpackage: export FFLAGS from dpkg-buildflags (origin: vendor): -g -O2
dpkg-buildpackage: export LDFLAGS from dpkg-buildflags (origin: vendor): -Wl,-Bsymbolic-
ABOUT -D_FORTIFY_SOURCE=2 (from http:// wiki.debian. org/Hardening/):
During code generation the compiler knows a great deal of information about buffer sizes (where possible), and attempts to replace insecure unlimited length buffer function calls with length-limited ones. This is especially useful for old, crufty code. Additionally, format strings in writable memory that contain '%n' are blocked. If an application depends on such a format string, it will need to be worked around.
[1] https:/ /launchpad. net/~d. filoni/ +archive/ quantal- builds/ +sourcepub/ 2542384/ +listing- archive- extra /launchpad. net/~d. filoni/ +archive/ quantal- builds/ +sourcepub/ 2542404/ +listing- archive- extra www.cmake. org/Bug/ view.php? id=12928 /launchpadlibra rian.net/ 109111815/ granite_ 0.2~r290- 0~0devfil3% 2Blogger~ precise1_ amd64.changes
[2] https:/
[3] http://
[4] https:/