Bug#652449: elinks: Hardening CPPFLAGS missing, please enable pie and bindnow

[Simon Ruderich]

Package: elinks
Version: 0.12~pre5-7
Followup-For: Bug #652449

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello Moritz,

Please reconsider enabling pie and bindow. As a browser elinks
reads untrusted data and thus is more vulnerable to attacks.
Especially PIE makes most attacks much more difficult.

It may take a while (if it ever happens) before +pie and +bindnow
are enabled by default and in the meantime elinks should be
protected by adding

    export DEB_BUILD_MAINT_OPTIONS = hardening=+all

to debian/rules. As it works fine I see no reason why the
additional hardening flags shouldn't be enabled.

Regards,
Simon

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBCAAGBQJO9nCZAAoJEJL+/bfkTDL54zAP/3FV6QNmLDf7ImYq5pZ0JoPF
bHKiBwwzrkrT8zdTqtflCZYXDEu2vEpQw1rcPARCKsK4GbZ8CBCq/VAb/dbR2yRF
m4FFamBmYRrTTbquGY54bC6dVqQlXq/Ug7yx3fTAksbF4vFX7rL/528qBgA5CScg
OOdFTq17PyqXSYPfJGeiQu41PtaXwTVd46K+9f8Kwd3QsT/yIBhUR0qWDC5RZHMS
DZWAbKSxQV+d9Ve5+MSIQx7vnREQF1kQBQ69lXhe1k/Gavzn1+Gft/BdtCJYksLy
5ScAa11xbadmCWvJW/sy/aYCEDA9dpqJK3cFjn8L+l86UU30MTVAfh6eAHTc/izi
nzbpFSC7h5Nwn9kf9k/QtrrWrwnKyoUR1+Ee/Xo27TjCfAWtt+cAbsVobuM4KA46
Rsh9LiJjdulYNCbiOYV/NMxweuRZ3oEb7bXzTBWQRq6yRVqFMiSBqNWyIhggh1Ex
X9LB54X1YtY1PvKlYUdbZO9hor0MH0HGUw7yDu0cgYwv+IfZZqe+dm4eMKBbQzSU
UGrzeV7b7623Pnz3UUQA5Ua1YtGs0ggzCWbir5x/T2+DWQcpI7GRyeU2mzHSXz14
hQmFVHU9re/hjRJ6Gp7bQGOMyZOwbbBHIcE3pcs1ULcPkP7o6JQKIPY055Zx8cSd
79Qn0VjxCdQP1/obWpD9
=x4ga
-----END PGP SIGNATURE-----



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org