[Fedora-packaging] RFC mass bug reporting: checksec failures
Alexander Todorov
atodorov at redhat.com
Fri Sep 11 11:50:42 UTC 2015
Hello folks,
I'm looking at this feature:
https://fedoraproject.org/wiki/Changes/Harden_All_Packages
<quote>
How To Test
Running checksec should always report only
Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH
otherwise a tracking bug should exist for the respective packages
</quote>
On a current Rawhide installation I'm seeing lots of potential failures, for
example:
Partial RELRO Canary found NX enabled No PIE No RPATH No
RUNPATH
Question is how to deal with these because they appear to be in the hundreds ?
I will do my best to filter out any false negatives and group the results per
package but this still leaves quite a big number of bugs to report.
How do you feel about reporting all of these offences automatically ? Are there
any known exceptions which should be mentioned in the wiki page above ?
--
Alex
More information about the packaging
mailing list