sudo and changes in packaging guidelines
Adam Jackson
ajax at redhat.com
Fri Apr 13 18:40:11 UTC 2012
On 4/13/12 2:37 PM, Frank Ch. Eigler wrote:
>
>> [...]
>> If your package meets the following criteria you MUST enable the PIE compiler
>> flags:
>> [...]
>> * Your package runs as root.
>> [...]
>
> If this is meant to cover administrative binaries that have no
> privilege escalation pieces of their own, merely run by root, then
> what makes them different from any other /bin/* program that a root
> process might invoke?
It's not meant to cover that. That phrasing is meant to cover system
components like init that do not function _unless_ run as uid 0.
- ajax
More information about the devel
mailing list