On Tue, Oct 29, 2019 at 11:05:02PM -0400, Scott Talbert wrote:
> On Wed, 30 Oct 2019, Olly Betts wrote:
>
> > The same issue applies to memcpy() which is why it's deliberately from
> > lintian's list:
> >
> > https://sources.debian.org/src/lintian/2.31.0/data/binaries/hardened-functions/?hl=6#L6
> >
> > Presumably wmemcpy() is simply much less widely used than memcpy(), and
> > that's the only reason it's not also omitted already.
>
> Thanks for the details, Olly. So, what you're saying is that wmemcpy should
> be excluded from hardened-functions?

Yes. Probably wmemset and wmemmove should be too.

The history of this seems to be in #673112 (don't be misled by the bug
title!)

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=673112#67 suggests that
perhaps recvfrom, recv and read ought to be as well.

The whole approach seems a bit flawed though - the
hardening-no-fortify-functions description says:

| Either there are no potentially unfortified functions called by any
| routines, all unfortified calls have already been fully validated at
| compile-time, or the package was not built with the default Debian
| compiler flags defined by dpkg-buildflags

One of the first two cases seems to often be true for a lot of C++ code.

I thought I read ages ago about an idea to record the hardening flags as
notes in the compiled files, which seemed a much more satisfactory
approach, but I guess nothing ever came of it.

Cheers,
    Olly
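
The symbol-based heuristic discussed in this message, as an added example that is not part of the original e-mail and is not lintian's code. It assumes a simplified rule (flag a binary that imports listed functions only in plain form and has no `__<name>_chk` import at all); the function list and the import tables are constructed for illustration.

```python
# Added example: simplified model of a symbol-based fortify check.
# Assumption: a binary is flagged when it imports at least one listed
# function in plain form and no "__<name>_chk" variant at all.

# Constructed subset of a hardened-functions style list (not lintian's file).
# memcpy is left out, as the message says it already is.
HARDENED = {"strcpy", "sprintf", "read", "wmemcpy", "wmemset", "wmemmove"}
WIDE_MEM = {"wmemcpy", "wmemset", "wmemmove"}


def base_name(symbol):
    """Strip a symbol version suffix such as '@GLIBC_2.14'."""
    return symbol.split("@", 1)[0]


def classify(imports, hardened):
    """Return (unprotected, protected) sets of listed function names."""
    unprotected, protected = set(), set()
    for sym in map(base_name, imports):
        if sym.startswith("__") and sym.endswith("_chk"):
            name = sym[2:-4]          # "__sprintf_chk" -> "sprintf"
            if name in hardened:
                protected.add(name)
        elif sym in hardened:
            unprotected.add(sym)
    return unprotected, protected


def flagged(imports, hardened):
    """True when the heuristic would report missing fortification."""
    unprotected, protected = classify(imports, hardened)
    return bool(unprotected) and not protected


# Constructed import tables (dynamic symbol names only).
# C++ library built with fortification; its wmemcpy calls are assumed to
# have been validated at compile time, so the plain symbol remains.
CXX_LIB = ["wmemcpy@GLIBC_2.2.5", "memcpy@GLIBC_2.14",
           "_Znwm@GLIBCXX_3.4", "strlen@GLIBC_2.2.5"]
# Binary with one runtime-checked call next to a plain wmemcpy.
MIXED = ["__sprintf_chk@GLIBC_2.3.4", "wmemcpy@GLIBC_2.2.5"]
# Binary built without fortification.
PLAIN = ["sprintf@GLIBC_2.2.5", "strcpy@GLIBC_2.2.5"]

if __name__ == "__main__":
    for name, table in (("CXX_LIB", CXX_LIB), ("MIXED", MIXED), ("PLAIN", PLAIN)):
        print(name, flagged(table, HARDENED), flagged(table, HARDENED - WIDE_MEM))
```

Dropping the wide-character functions from the list clears the report for `CXX_LIB` while `PLAIN` is still reported; the symbol table alone cannot tell a compile-time-validated call from an unfortified build.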