Package: dpkg
Version: 1.18.10
Severity: wishlist
Tags: patch moreinfo

Dear Guillem,

As a continuation of the discussions [1][2] on debian-devel I'm attaching the simple patch that implements enabling the bindnow hardening flags. I'm continuing with the rebuild/autopkgtest tests according to the Dpkg FAQ, hence the moreinfo tag.

Cheers,
Balint

[1] https://lists.debian.org/debian-devel/2016/05/msg00228.html
[2] https://lists.debian.org/debian-devel/2016/08/msg00324.html

>From 93059236f0559649e052a1cae00ff7a5ba4cab05 Mon Sep 17 00:00:00 2001 From: Balint Reczey <bal...@balintreczey.hu> Date: Sun, 3 Jul 2016 21:12:09 +0200 Subject: [PATCH 1/2] Use bindnow hardening flag by default --- scripts/Dpkg/Vendor/Debian.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/Dpkg/Vendor/Debian.pm b/scripts/Dpkg/Vendor/Debian.pm index ebb1750..f8854e2 100644 --- a/scripts/Dpkg/Vendor/Debian.pm +++ b/scripts/Dpkg/Vendor/Debian.pm @@ -277,7 +277,7 @@ sub _add_hardening_flags { fortify => 1, format => 1, relro => 1, - bindnow => 0, + bindnow => 1, ); # Adjust features based on user or maintainer's desires. -- 2.1.4
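
Review bot: the default flip at `bindnow => 1` in `_add_hardening_flags` comes with an empty commit body and a diffstat that touches only scripts/Dpkg/Vendor/Debian.pm, so nothing in this patch records why the default changes or updates any documentation or test that states the old default. Suggest adding a commit body that gives the rationale and cites the two debian-devel threads: with `relro => 1` already enabled, turning on bindnow lets the loader make the GOT read-only after startup, at the cost of resolving all symbols at load time. Since this is 1/2 of a series, please also confirm whether 2/2 covers the user-facing description of the bindnow default and any test that expects it to be off. The comment kept as context ("Adjust features based on user or maintainer's desires") indicates the opt-out path is unchanged, which is worth stating in the commit message for maintainers whose packages need lazy binding.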