Package: hardening-includes
Version: 2.7
X-Debbugs-CC: costel.ma...@intel.com
The script hardening-check can give a false negative result if the binary
analyzed was compiled with ICC (with stack protection).
Hardening-check looks for __stack_chk_fail, but in ICC compiled binaries the
correct functions to be searched for should be __intel_security_cookie or
__intel_security_check_cookie.
Below is a naive patch:
diff --git a/usr/bin/hardening-check b/hardening-check-intel
index 799943c..f40eda7 100755
--- a/usr/bin/hardening-check
+++ b/hardening-check-intel
@@ -302,6 +302,7 @@ foreach my $file (@ARGV) {
# Stack-protected
$name = " Stack protected";
if (defined($functions->{'__stack_chk_fail'}) ||
+ defined($functions->{'__intel_security_cookie'}) ||
(!$elf && defined($functions->{'__stack_chk_fail_local'}))) {
good($name, "yes")
}
Regards,
Alex
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
