[MDEV-8377] Debian: the Lintian tests complain about "hardening-no-fortify-functions usr/lib/mysql/plugin/auth_pam.so" Created: 2015-06-25 Updated: 2015-07-01 Resolved: 2015-07-01 |
|
| Status: | Closed |
| Project: | MariaDB Server |
| Component/s: | Compiling |
| Affects Version/s: | 10.0 |
| Fix Version/s: | N/A |
| Type: | Bug | Priority: | Critical |
| Reporter: | Sergey Vojtovich | Assignee: | Sergey Vojtovich |
| Resolution: | Not a Bug | Votes: | 0 |
| Labels: | None |
| Description |
|
The Lintian tests complain about "hardening-no-fortify-functions usr/lib/mysql/plugin/auth_pam.so" |
| Comments |
| Comment by Sergey Vojtovich [ 2015-06-29 ] |
|
According to Lintian:
If I do hardening-check -v auth_pam.so, I get something like this:
If I do hardening-check -v mysqld, I get something like this:
According to code analysis, both calls could have been validated at compile time (there are obvious boundary checks). So I assume there are indeed "no potentially unfortified functions called by any routines". |
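The reasoning in the comment above, shown as an added C example that is not part of the original ticket or of the MariaDB source: with `_FORTIFY_SOURCE` enabled, a copy whose bounds the compiler can verify leaves no `__*_chk` symbol behind, so a tool that infers fortification from imported symbol names, as hardening-check does, cannot tell it apart from an unfortified call. All identifiers and the build command are assumptions chosen for illustration.

```c
/* Build:   gcc -O2 -D_FORTIFY_SOURCE=2 fortify_demo.c -o fortify_demo
 * Inspect: readelf -sW --dyn-syms fortify_demo | grep memcpy
 * All identifiers are hypothetical; none come from auth_pam or mysqld. */
#include <stddef.h>
#include <string.h>

#define BUF_LEN 32
static char name_buf[BUF_LEN];        /* object size is visible to the compiler */

/* Case 1: constant length into a buffer of known size. The bound is checked
 * at compile time, so the copy is inlined or left as plain memcpy; no
 * __memcpy_chk reference is emitted even though fortification is on. */
size_t set_default_name(void)
{
    static const char def[] = "anonymous";
    memcpy(name_buf, def, sizeof def);
    return strlen(name_buf);
}

/* Case 2: run-time length into a buffer of known size. Unless the optimizer
 * can prove that len fits, the call becomes __memcpy_chk(dst, src, len, 32). */
int set_name(const char *src, size_t len)
{
    if (len >= BUF_LEN)
        return -1;                    /* explicit bounds check stays in place */
    memcpy(name_buf, src, len);
    name_buf[len] = '\0';
    return 0;
}

/* Case 3: destination size unknown to the compiler. Nothing can be checked,
 * so this is also a plain memcpy: by symbol name alone it looks like case 1. */
char *copy_into(char *dst, const char *src, size_t len)
{
    memcpy(dst, src, len);
    return dst;
}

const char *current_name(void) { return name_buf; }

int main(void)
{
    char out[8];
    set_default_name();
    set_name("pam_user", 8);
    copy_into(out, "ok", 3);
    return strcmp(current_name(), "pam_user") != 0;
}
```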
| Comment by Sergey Vojtovich [ 2015-06-29 ] |
|
otto, could you review my findings? I believe it was a false positive. |
| Comment by Otto Kekäläinen [ 2015-06-30 ] |
|
I don't understand the topic well enough to validate/invalidate your findings. |
| Comment by Sergey Vojtovich [ 2015-07-01 ] |
|
Then closing this as not a bug. Should we report this false positive to Lintian? |
| Comment by Otto Kekäläinen [ 2015-07-01 ] |
|
Ok, I also added a Lintian override: https://github.com/ottok/mariadb-10.0/commit/53ec8b7dd63ed47bf44d92207f188f8db63be1f1 |
| Comment by Otto Kekäläinen [ 2015-07-01 ] |
|
There are no other complaints about hardening in the package by Lintian at the moment: https://lintian.debian.org/full/pkg-mysql-maint@lists.alioth.debian.org.html#mariadb-10.0_10.0.20-1 |