[Bug 516862] [NEW] /usr/bin/timeadj doesn't appear to have stack protection
Steve Beattie
sbeattie at ubuntu.com
Thu Feb 4 01:39:50 GMT 2010
Public bug reported:
Binary package hint: ntp
For some reason, the timeadj binary in the ntp package doesn't appear to
get built with gcc's stack protector option. Running the hardening check
from the qa-regression-testing testsuite doesn't find the
__stack_chk_fail symbol.
ubuntu at lucid-server-ia32:~/bzr/qa-regression-testing/scripts$ apt-cache policy ntp
ntp:
Installed: 1:4.2.4p8+dfsg-1ubuntu1
Candidate: 1:4.2.4p8+dfsg-1ubuntu1
Version table:
*** 1:4.2.4p8+dfsg-1ubuntu1 0
500 http://denisovich lucid/main Packages
100 /var/lib/dpkg/status
ubuntu at lucid-server-ia32:~/bzr/qa-regression-testing/scripts$ dpkg -S /usr/bin/tickadj
ntp: /usr/bin/tickadj
ubuntu at lucid-server-ia32:~/bzr/qa-regression-testing/scripts$ built-binaries/hardening-check -f /usr/bin/tickadj
/usr/bin/tickadj:
Position Independent Executable: yes
Stack protected: no, not found!
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
ProblemType: Bug
Architecture: i386
Date: Wed Feb 3 15:13:35 2010
DistroRelease: Ubuntu 10.04
InstallationMedia: Error: [Errno 13] Permission denied: '/var/log/installer/media-info'
NtpStatus: ntpq: read: Connection refused
Package: ntp 1:4.2.4p8+dfsg-1ubuntu1
ProcEnviron:
LANG=en_US.UTF-8
SHELL=/bin/bash
ProcVersionSignature: Ubuntu 2.6.32-12.16-generic-pae
SourcePackage: ntp
Uname: Linux 2.6.32-12-generic-pae i686
** Affects: ntp (Ubuntu)
Importance: Undecided
Status: New
** Tags: apport-bug i386 lucid
--
/usr/bin/timeadj doesn't appear to have stack protection
https://bugs.launchpad.net/bugs/516862
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to ntp in ubuntu.
More information about the Ubuntu-server-bugs
mailing list