packaging guidelines again
Reindl Harald
h.reindl at thelounge.net
Mon Sep 16 10:15:02 UTC 2013
i get somehow tired to report bugs for several packages,
refresh them at each release because maintainers
ignore guidelines all the time
some of them responded and fixed their packages
some insist to ignore them
https://fedoraproject.org/wiki/Packaging:Guidelines?rd=Packaging/Guidelines#PIE
If your package meets any of the following criteria you
MUST enable the PIE compiler flags:
* Your package is long running
* Your package runs as root
____________________________________________
since there is nobody logged in these are *all* long
running processes and enough of them even running as
root and so match *two* reasons for harden them
[root at srv-rhsoft:~]$ checksec --proc-all | grep "No PIE"
X 21342 Partial RELRO Canary found NX enabled No PIE
login 26045 Partial RELRO Canary found NX enabled No PIE
alsactl 642 Partial RELRO Canary found NX enabled No PIE
mdadm 651 Partial RELRO Canary found NX enabled No PIE
upowerd 704 Partial RELRO Canary found NX enabled No PIE
avahi-daemon 705 Partial RELRO Canary found NX enabled No PIE
rtkit-daemon 718 Partial RELRO Canary found NX enabled No PIE
pulseaudio 869 Full RELRO Canary found NX enabled No PIE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 263 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20130916/130683cd/attachment-0001.sig>
More information about the devel
mailing list