[lintian] 02/06: c/binaries: Implemented hardening-no-relro directly
This is an automated email from the git hooks/post-receive script.
nthykier pushed a commit to branch merge-hardening-check
in repository lintian.
commit d9f86ef466054c1a590695615376e1cfd6aa246f
Author: Niels Thykier <niels@thykier.net>
Date: Sat Sep 17 19:27:16 2016 +0000
c/binaries: Implemented hardening-no-relro directly
Signed-off-by: Niels Thykier <niels@thykier.net>
---
checks/binaries.pm | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/checks/binaries.pm b/checks/binaries.pm
index 4785bd0..5497660 100644
--- a/checks/binaries.pm
+++ b/checks/binaries.pm
@@ -554,6 +554,12 @@ sub run {
}
}
+ if ( $arch_hardening->{'hardening-no-relro'}
+ and not $built_with_golang
+ and not $objdump->{'PH'}{'RELRO'}) {
+ tag 'hardening-no-relro', $file;
+ }
+
# Check for missing hardening characteristics. This currently
# handles the following checks:
# no-relro no-fortify-functions no-stackprotector no-bindnow no-pie
@@ -561,6 +567,8 @@ sub run {
if ($arch_hardening) {
foreach my $t (@{$info->hardening_info->{$fname}}) {
my $tag = "hardening-$t";
+ # Implemented elsewhere
+ next if $t eq 'no-relro';
# Binaries built by the Go compiler do not support all
# hardening measures.
next
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/lintian/lintian.git
Reply to: