Bug 390981

Summary: textrel's in /usr/bin/at
Product: Red Hat Enterprise Linux 4 Reporter: Kevin Graham <kgraham>
Component: atAssignee: Marcela Mašláňová <mmaslano>
Status: CLOSED WONTFIX QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: 4.0   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-02-22 12:39:28 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 391681    
Bug Blocks:    

Description Kevin Graham 2007-11-19 19:50:54 UTC 
Description of problem:

In at-3.1.8-80_EL4 (and presumably earlier versions as well) /usr/bin/at is
built as a PIE, but contains a textrel segment. 

Version-Release number of selected component (if applicable):

at-3.1.8-80_EL4

How reproducible:

host:~ # eu-readelf -d /usr/bin/at | grep TEXT
  TEXTREL
host:~ #

Additional info:

Obviously there are plenty of other cases in RHEL4, but presumably at least SUID
binaries directly interacting with users should be taking advantage of available
protections.
Comment 1 Marcela Mašláňová 2007-11-20 08:26:18 UTC 
The problem doesn't occur in version of at-3.1.10.
Comment 2 Marcela Mašláňová 2007-11-20 08:39:19 UTC 
_At_ is statically linked with libfl (from flex) -> opening bug on flex. _At_
needs rebuild after rebuild flex with -fpie option.
Comment 3 Marcela Mašláňová 2010-02-22 12:39:28 UTC 
The last planned update of RHEL-4 will be focused on performance and security bugs only. This bug doesn't occur in RHEL-5.