[hardening-discuss] Bug#635642: hardening-includes: armel doesn't use stack protector
Raphaël Hertzog
hertzog at debian.org
Wed Jul 27 20:17:32 UTC 2011
Package: hardening-includes
Version: 1.33
Severity: normal
While reading the makefile I came across this:

ifneq (,$(filter $(DEB_HOST_ARCH_CPU), ia64 alpha mips mipsel hppa arm ))
# Stack protector disabled on ia64, alpha, mips, mipsel, hppa.
# "warning: -fstack-protector not supported for this target"
# Stack protector disabled on arm (ok on armel).
# compiler supports it incorrectly (leads to SEGV)
DEB_BUILD_HARDENING_STACKPROTECTOR ?= 0
endif

But the check is on the _CPU variable which returns "arm" both for "arm"
and "armel":

$ dpkg-architecture -aarmel
[...]
DEB_HOST_ARCH_CPU=arm
DEB_HOST_GNU_CPU=arm
$ dpkg-architecture -aarm
[...]
DEB_HOST_ARCH_CPU=arm
DEB_HOST_GNU_CPU=arm

So effectively the above code is disabling the stack protector on
armel while you seem to imply that it works fine there. You should
use another check to exclude arm.

-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (150, 'experimental')
Architecture: i386 (x86_64)
Kernel: Linux 3.0.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
-- no debconf information
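
Added example, not part of the original report and not the hardening-includes makefile: a standalone GNU make file that applies the quoted filter test to DEB_HOST_ARCH_CPU and, as one possible alternative (an assumption, not the maintainer's fix), to DEB_HOST_ARCH. The architecture table, the helper names and the file name are constructed for the illustration.

```makefile
# Added illustration, not the hardening-includes makefile.
# Run with GNU make:  make -f stackprot-demo.mk

# Names for which the quoted makefile sets
# DEB_BUILD_HARDENING_STACKPROTECTOR to 0.
NO_STACKPROTECTOR := ia64 alpha mips mipsel hppa arm

# Constructed sample table of DEB_HOST_ARCH:DEB_HOST_ARCH_CPU pairs.
# The arm and armel rows match the dpkg-architecture output in the report.
PAIRS := arm:arm armel:arm mips:mips mipsel:mipsel ia64:ia64 i386:i386 amd64:amd64

# Split one "arch:cpu" pair into its two fields (hypothetical helpers).
arch_of = $(firstword $(subst :, ,$(1)))
cpu_of  = $(lastword $(subst :, ,$(1)))

# Same membership test as the quoted ifneq/filter line:
# 0 when $(1) is in the exclusion list, 1 otherwise.
stackprot = $(if $(filter $(1),$(NO_STACKPROTECTOR)),0,1)

# Print, per architecture, the stack protector setting each check yields:
#   cpu-check  = test keyed on DEB_HOST_ARCH_CPU (as in the report)
#   arch-check = test keyed on DEB_HOST_ARCH (assumed alternative)
$(info arch cpu-check arch-check)
_ := $(foreach p,$(PAIRS),$(info $(call arch_of,$(p)) $(call stackprot,$(call cpu_of,$(p))) $(call stackprot,$(call arch_of,$(p)))))

# Empty default target so make exits cleanly after printing.
all: ;
```

The armel row is the only one where the two columns differ: the CPU-keyed test turns the stack protector off there, while the architecture-keyed test leaves it on.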