Lintian tag: portable-executable-missing-security-features

Type: pedantic

Description (from lintian-explain-tags)

A portable executable (PE32+) file lacks security features.

Due to changes in binutils-mingw-w64 the historical advice is incorrect.
Current tools do not create safe binaries, and advertising such settings
with genpeimg is pointless.

In short, the flags alone do nothing unless a binary is built specifically
to support a missing flag. Merely setting the flag, as recommended below,
can actually make a file less secure.

More information can be found via the link in the references.

The following advice is historical. PLEASE DO NOT FOLLOW IT.

The package ships a Microsoft Windows Portable Executable (PE) file that
appears to be lacking security hardening features. You can see which are
missing using the pesec tool from the pev package.

EFI binaries also often trigger this tag. The security flags are probably
meaningless for them, but the flags are easily changed using the genpeimg
tool from the mingw-w64-tools package.

$ genpeimg -d +d -d +n -d +s $file

Then, to verify that it worked:

$ genpeimg -x $file
...
Optional Characteristics:
dynamic-base nx-compatible no-SEH

Please change the flags, if possible, instead of overriding the tag.

Please refer to https://www.kb.cert.org/vuls/id/307144/ and Bug#953212 for
details.

Visibility: pedantic
Show-Always: no
Check: pe
This tag is experimental.

Show affected packages