[hardening-discuss] Using hardening-wrapper but lintian warning still present

José Luis Segura Lucas josel.segura at gmx.es
Wed Jun 20 10:21:15 UTC 2012


Hi!

I'm intending to package some software for Debian. I have a Debian package
with some lintian warnings about hardening, but I removed most of them
using hardening-wrapper and the env DEB_BUILD_HARDENING=1 in my
debian/rules.

I only have one lintian warning now: hardening-no-fortify-functions

I see that the -D_FORTIFY_SOURCE=2 is included in each compiler
execution. This is the output of hardening-check:

    $ hardening-check --verbose /usr/bin/grive
    /usr/bin/grive:
     Position Independent Executable: yes
     Stack protected: yes
     Fortify Source functions: no, only unprotected functions found!
        unprotected: memmove
        unprotected: read
        unprotected: memcpy
     Read-only relocations: yes
     Immediate binding: yes

I asked on debian-devel and they told me that I can add an override if
only memmove or memcpy is shown, but I have an unprotected read too.

How can I avoid this warning? It is my last problem after doing the RFS...

Best regards and thanks in advance :-)

-- 
José Luis Segura Lucas
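
Added example, not part of the original message or of the hardening-check tool: a small Python parser for the `hardening-check --verbose` report quoted above, applying the override criterion the message reports from debian-devel (only memmove or memcpy listed). The function names and status labels are hypothetical; the sample input is the report from the message.

```python
import re

# Per the message: debian-devel allows an override only if nothing but these is listed.
OVERRIDABLE = {"memmove", "memcpy"}

# The hardening-check --verbose output quoted in the message, embedded as sample input.
SAMPLE = """\
/usr/bin/grive:
 Position Independent Executable: yes
 Stack protected: yes
 Fortify Source functions: no, only unprotected functions found!
    unprotected: memmove
    unprotected: read
    unprotected: memcpy
 Read-only relocations: yes
 Immediate binding: yes
"""

def parse_report(text):
    """Map each binary to its check verdicts and its list of unprotected functions."""
    reports, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace() and line.rstrip().endswith(":"):
            # Unindented "path:" line starts the report for one binary.
            current = reports.setdefault(line.rstrip()[:-1], {"checks": {}, "unprotected": []})
        elif current is not None:
            m = re.match(r"\s+unprotected:\s*(\S+)\s*$", line)
            if m:
                current["unprotected"].append(m.group(1))
            else:
                name, sep, verdict = line.strip().partition(": ")
                if sep:
                    current["checks"][name] = verdict
    return reports

def fortify_verdict(report):
    """Return (status, blocking); blocking lists functions outside OVERRIDABLE."""
    verdict = report["checks"].get("Fortify Source functions")
    if verdict is None or (not verdict.startswith("yes") and not report["unprotected"]):
        return "unknown", []  # check absent, or report not produced with --verbose
    if verdict.startswith("yes"):
        return "ok", []
    blocking = sorted(set(report["unprotected"]) - OVERRIDABLE)
    return ("needs-review", blocking) if blocking else ("override-candidate", [])

if __name__ == "__main__":
    for binary, report in parse_report(SAMPLE).items():
        print(binary, *fortify_verdict(report))
```
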
