portable-executable-missing-security-features
A portable executable (PE32+) file lacks security features.
Due to changes in binutils-mingw-w64
the historical
advice is incorrect. Current tools do not create safe binaries,
and advertising such settings with genpeimg
is pointless.
In short, the flags alone do nothing unless a binary is built specifically to support a missing flag. Merely setting the flag, as recommended below, can actually make a file less secure.
More information can be found via the link in the references.
The following advice is historical. PLEASE DO NOT FOLLOW IT.
The package ships a Microsoft Windows Portable Executable (PE) file
that appears to be lacking security hardening features. You can see
which are missing using the pesec
tool from the
pev
package.
EFI binaries also often trigger this tag. The security flags are
probably meaningless for them, but the flags are easily changed
using the genpeimg
tool from the mingw-w64-tools
package.
$ genpeimg -d +d -d +n -d +s $file
Then, to verify that it worked:
$ genpeimg -x $file
...
Optional Characteristics:
dynamic-base nx-compatible no-SEH
Please change the flags, if possible, instead of overriding the tag.
Severity: | pedantic |
Experimental: | true |
See also
- list of all the affected packages
- the source of this tag