blhc
build log hardening check
Install
- All systems
  curl cmd.cat/blhc.sh
- Debian
  apt-get install blhc
- Ubuntu
  apt-get install blhc
- Kali Linux
  apt-get install blhc
- Windows (WSL2)
  sudo apt-get update
  sudo apt-get install blhc
- Raspbian
  apt-get install blhc
- Dockerfile
  dockerfile.run/blhc
blhc is a Perl tool that checks build logs for missing hardening flags. Hardening flags enable additional security features in the compiler to prevent, for example, stack overflows, format string vulnerabilities and GOT overwrites. See e.g. <http://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags>. Because most build systems are quite complicated, there are many places where compiler flags from the environment might be ignored. The parser verifies that all compiler commands use the correct hardening flags and thus that all hardening features are correctly used. It is designed to check build logs generated by Debian's dpkg-buildpackage (or by packaging tools that use dpkg-buildpackage, such as pbuilder, or the official buildd build logs) to help maintainers detect missing hardening flags in their packages. Only gcc is detected as a compiler at the moment (but other compilers may be supported).
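The kind of check described above, as an added example (a simplified sketch, not blhc's own code): it scans a build log for gcc-style commands and reports which hardening flags each one lacks. The flag lists are an assumption based on Debian's default dpkg-buildflags output, and the sample log and function names are constructed for illustration.

```python
import re
import shlex

# Assumed flag set: Debian's default dpkg-buildflags hardening flags
# (the optional PIE and bindnow flags are left out of this sketch).
COMPILE_FLAGS = ["-fstack-protector-strong", "-Wformat", "-Werror=format-security"]
PREPROCESS_FLAGS = ["-D_FORTIFY_SOURCE=2"]
LINK_FLAGS = ["-Wl,-z,relro"]
# gcc, g++, cc, c++ with optional path, cross prefix and version suffix.
COMPILER_RE = re.compile(r"^(?:.*/)?(?:[\w.]+-)*(?:gcc|g\+\+|cc|c\+\+)(?:-[\d.]+)?$")
SOURCE_RE = re.compile(r"\.(?:c|cc|cpp|cxx)$", re.IGNORECASE)

# Constructed sample build log (not taken from a real package build).
SAMPLE_LOG = """\
dpkg-buildpackage: info: source package demo
gcc -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -c a.c -o a.o
gcc -g -O2 -c b.c -o b.o
x86_64-linux-gnu-gcc -Wl,-z,relro -o demo a.o b.o
cc -o tool tool.o
"""

def missing_flags(command):
    """Return the hardening flags missing from one command, or None if it
    is not a compiler invocation."""
    try:
        tokens = shlex.split(command)
    except ValueError:  # unbalanced quotes, e.g. a truncated log line
        tokens = command.split()
    if not tokens or not COMPILER_RE.match(tokens[0]):
        return None
    compiles = any(SOURCE_RE.search(t) for t in tokens[1:])
    links = not {"-c", "-E", "-S"} & set(tokens)  # no stop-before-link option
    required = []
    if compiles:
        required += COMPILE_FLAGS + PREPROCESS_FLAGS
    if links:
        required += LINK_FLAGS
    return [flag for flag in required if flag not in tokens]

def check_build_log(log_text):
    """Return [(line_number, [missing flags])] for each deficient command."""
    findings = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        missing = missing_flags(line.strip())
        if missing:
            findings.append((number, missing))
    return findings

if __name__ == "__main__":
    for number, missing in check_build_log(SAMPLE_LOG):
        print(f"line {number}: missing {' '.join(missing)}")
```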