Bug 1264035

Summary: Partial RELRO for sendmail-milter
Product: [Fedora] Fedora Reporter: Alexander Todorov <atodorov>
Component: sendmailAssignee: Jaroslav Škarvada <jskarvad>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: dwmw2, extras-qa, jskarvad
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1264033 Environment:
Last Closed: 2015-09-23 15:59:27 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Alexander Todorov 2015-09-17 11:26:17 UTC 
Description of problem:


FESCo requires some packages to use PIE and relro hardening by default. This page contains that list:
https://fedoraproject.org/wiki/Hardened_Packages

sendmail-milter uses only Partial RELRO instead of Full RELRO. Please comment if this is acceptable or should be changed ? 

----------
sendmail-8.15.2-2.fc24.src.rpm
/mnt/fedora/Packages/s/sendmail-milter-8.15.2-2.fc24.x86_64.rpm
RELRO           STACK CANARY      NX            PIE             RPATH      RUNPATH      FILE
Partial RELRO   Canary found      NX enabled    DSO             No RPATH   No RUNPATH   ./usr/lib64/libmilter.so.1.0.1
Comment 1 Jaroslav Škarvada 2015-09-23 15:57:59 UTC 
It makes sense, binaries linking libmilter are usually long running processes processing untrusted data.