[Bug 1820798] Re: hardening-check: add support for detecting stack clash protected binaries

Mattia Rizzolo mattia at mapreri.org
Sat Apr 20 20:39:52 UTC 2019


Could you please submit this in the form of an MR against
https://salsa.debian.org/debian/devscripts ?

I would be happy to review and merge such a contribution once an MR is
opened there (at a first look the patch doesn't look crazy, but I would
need to look deeper - I'm not familiar with that particular script).

The hardening-check script does not have a test suite, but if you could
also consider contributing one (since it's Perl, just add a
test/t/hardening-checks.t using Test::More) it would be really awesome
(not required to get this patch merged, though).

Also, I would love it if you could refrain from uploading such diffs to
Ubuntu, given that I'm open to getting such changes in Debian directly
(removing ~ubuntu-sponsors as such…)

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1820798

Title:
  hardening-check: add support for detecting stack clash protected
  binaries

Status in devscripts package in Ubuntu:
  New

Bug description:
  The security team is in the process of making -fstack-clash-protection
  enabled by default in gcc-8/9 for 19.10 / 20.04. To support this it is
  useful to be able to detect binaries which include this new feature
  via hardening-check. Unlike previous features this can only be
  detected by looking for the sequence of instructions which perform
  this feature in the disassembly output via objdump.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/devscripts/+bug/1820798/+subscriptions
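
The detection approach in the bug description, sketched as an added example (not the patch attached to the bug and not devscripts code). It assumes x86-64 `objdump -d --no-show-raw-insn` output and that a probe appears as `sub $0x1000,%rsp` immediately followed by `or $0x0,(%rsp)`; `probed_functions` and the sample disassembly are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumption: GCC's x86/x86-64 stack clash probe is a one-page stack
# adjustment immediately followed by a dummy write to the new page.
my $SUB_PAGE = qr/^sub[lq]?\s+\$0x1000,\s*%[er]sp\b/;
my $PROBE    = qr/^or[lq]?\s+\$0x0,\s*\(%[er]sp\)/;

# Input: text from `objdump -d --no-show-raw-insn`.
# Returns the sorted names of functions containing at least one probe.
sub probed_functions {
    my ($disasm) = @_;
    my ($func, $after_sub) = ('', 0);
    my %hit;
    for my $line (split /\n/, $disasm) {
        if ($line =~ /^[0-9a-f]+ <([^>]+)>:\s*$/) {    # "addr <name>:" header
            ($func, $after_sub) = ($1, 0);
        }
        elsif ($line =~ /^\s*[0-9a-f]+:\s+(\S.*)$/) {  # "addr: mnemonic ops"
            my $insn = $1;
            $hit{$func} = 1 if $after_sub && $insn =~ $PROBE;
            $after_sub = ($insn =~ $SUB_PAGE) ? 1 : 0;
        }
    }
    my @names = sort keys %hit;
    return @names;
}

# Constructed sample: one function with a large frame, one with a small one.
my $SAMPLE = <<'EOT';
0000000000001139 <big_frame>:
    1139:  push   %rbp
    113a:  lea    -0x10000(%rsp),%r11
    1142:  sub    $0x1000,%rsp
    1149:  orq    $0x0,(%rsp)
    114e:  cmp    %r11,%rsp
    1151:  jne    1142 <big_frame+0x9>
    1153:  ret
0000000000001154 <small_frame>:
    1154:  sub    $0x18,%rsp
    1158:  xor    %eax,%eax
    115a:  add    $0x18,%rsp
    115e:  ret
EOT

my @probed = probed_functions($SAMPLE);
print @probed
    ? "stack clash probes found in: @probed\n"
    : "no probes found (inconclusive: small frames need none)\n";
```

A binary whose functions all have small stack frames contains no probes even when built with the flag, so an empty result is inconclusive rather than proof that the flag was absent.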


