Lintian Reports (Beta Testing)

P portable-executable-missing-security-features

This tag is experimental.

Please read the note at the bottom before proceeding.

The package ships a Microsoft Windows Portable Executable (PE) file that appears to be lacking security hardening features.

You can see which are missing using the pesec tool from the pev package.

EFI binaries often trigger this tag. The security flags are probably meaningless for them, but the flags are easily changed using the genpeimg tool from the mingw-w64-tools package.

$ genpeimg -d +d -d +n -d +s $file

Then, to verify that it worked:

$ genpeimg -x $file ... Optional Characteristics: dynamic-base nx-compatible no-SEH

Please change the flags, if possible, instead of overriding the tag.

NB: Due to recent changes in binutils-mingw-w64>/tt> the foregoing advice is incorrect. Current tools do not actually create safe binaries, and advertising such settings with genpeimg is pointless.

More information can be found via the link in the references.

Refer to https://www.kb.cert.org/vuls/id/307144/ for details.

Severity: pedantic

Check: pe