blhc (build log hardening check) is a small tool which checks build logs for
missing hardening flags. It's licensed under the GPL 3 or later.
+Hardening flags enable additional security features in the compiler to prevent
+e.g. stack overflows, format string vulnerabilities, GOT overwrites, etc.
+
+Because most build systems are quite complicated there are many places where
+compiler flags from the environment might be ignored. The parser verifies that
+all compiler commands use the correct hardening flags and thus all hardening
+features are correctly used.
+
It's designed to check build logs generated by Debian's dpkg-buildpackage (or
tools using dpkg-buildpackage like pbuilder or the official buildd build logs)
to help maintainers detect missing hardening flags in their packages.
At the moment it works only on Debian and derivatives but it should be easily
-extendable for other systems as well.
+extendable to other systems as well. Patches are welcome.
For more information about hardening flags have a look at [1].
ruderich.org/simon / blhc / blhc.git / commitdiff