Lintian ReportsBETA

Tag versions


The tag is present in Lintian version 2.113.26. That is the most recent version we know about.

We use semantic versions. The patch number is a commit step indicator relative to the 2.113.0 release tag in our Git repository.

You can find the detection logic for this version at commit 43a81d7. For merge requests, please use the latest version in the Lintian check pe.

This tag is experimental.

Visibility: pedantic

A portable executable (PE32+) file lacks security features.

Due to changes in binutils-mingw-w64 the historical advice is incorrect. Current tools do not create safe binaries, and advertising such settings with genpeimg is pointless.

In short, the flags alone do nothing unless a binary is built specifically to support a missing flag. Merely setting the flag, as recommended below, can actually make a file less secure.

More information can be found via the link in the references.

The following advice is historical. PLEASE DO NOT FOLLOW IT.

The package ships a Microsoft Windows Portable Executable (PE) file that appears to be lacking security hardening features. You can see which are missing using the pesec tool from the pev package.

EFI binaries also often trigger this tag. The security flags are probably meaningless for them, but the flags are easily changed using the genpeimg tool from the mingw-w64-tools package.

$ genpeimg -d +d -d +n -d +s $file

Then, to verify that it worked:

$ genpeimg -x $file
Optional Characteristics:
  dynamic-base nx-compatible no-SEH

Please change the flags, if possible, instead of overriding the tag.

For more information please consult:

The following 41 source packages in the archive triggered the tag 2031 times (in any Lintian version).

We found 954 overrides. The tag performed 53% of the time.