/usr/bin/timeadj doesn't appear to have stack protection

Binary package hint: ntp

For some reason, the timeadj binary in the ntp package doesn't appear to get built with gcc's stack protector option. Running the hardening check from the qa-regression-testing testsuite doesn't find the __stack_chk_fail symbol.

ubuntu@lucid-server-ia32:~/bzr/qa-regression-testing/scripts$ apt-cache policy ntp
ntp:
  Installed: 1:4.2.4p8+dfsg-1ubuntu1
  Candidate: 1:4.2.4p8+dfsg-1ubuntu1
  Version table:
 *** 1:4.2.4p8+dfsg-1ubuntu1 0
        500 http://denisovich lucid/main Packages
        100 /var/lib/dpkg/status

ubuntu@lucid-server-ia32:~/bzr/qa-regression-testing/scripts$ dpkg -S /usr/bin/tickadj
ntp: /usr/bin/tickadj

ubuntu@lucid-server-ia32:~/bzr/qa-regression-testing/scripts$ built-binaries/hardening-check -f /usr/bin/tickadj
/usr/bin/tickadj:
 Position Independent Executable: yes
 Stack protected: no, not found!
 Fortify Source functions: yes
 Read-only relocations: yes
 Immediate binding: yes

ProblemType: Bug
Architecture: i386
Date: Wed Feb 3 15:13:35 2010
DistroRelease: Ubuntu 10.04
InstallationMedia: Error: [Errno 13] Permission denied: '/var/log/installer/media-info'
NtpStatus: ntpq: read: Connection refused
Package: ntp 1:4.2.4p8+dfsg-1ubuntu1
ProcEnviron:
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcVersionSignature: Ubuntu 2.6.32-12.16-generic-pae
SourcePackage: ntp
Uname: Linux 2.6.32-12-generic-pae i686