Bug 419181

Summary: okular could use more hardening
Product: [KDE Neon] neon Reporter: Laurent Bonnaud <L.Bonnaud>
Component: SnapsAssignee: Neon Bugs <neon-bugs-null>
Status: RESOLVED FIXED    
Severity: normal CC: nate, neon-bugs-null
Priority: NOR    
Version First Reported In: unspecified   
Target Milestone: ---   
Platform: Other   
OS: Linux   
Latest Commit: Version Fixed/Implemented In:
Sentry Crash Report:

Description Laurent Bonnaud 2020-03-24 13:18:07 UTC 
Hi,

could you please enable more hardening when compiling okular?

STEPS TO REPRODUCE
1. snap install okular
2. hardening-check /snap/okular/current/usr/bin/okular

OBSERVED RESULT

/snap/okular/current/usr/bin/okular:
 Position Independent Executable: yes
 Stack protected: yes
 Fortify Source functions: no, only unprotected functions found!
 Read-only relocations: yes
 Immediate binding: yes
 Stack clash protection: unknown, no -fstack-clash-protection instructions found
 Control flow integrity: unknown, no -fcf-protection instructions found!

EXPECTED RESULT
Stack clash protection and Control flow integrity enabled in okular.

SOFTWARE/OS VERSIONS
irrelevent
Comment 1 Laurent Bonnaud 2023-04-02 10:00:50 UTC 
I am closing this bug because the okular snap is now on the same hardening level as apt packages and flatpak bundles.