Bug 709859

Summary: sudo is missing RELRO linker flag
Product: Red Hat Enterprise Linux 6 Reporter: Steve Grubb <sgrubb>
Component: sudoAssignee: Daniel Kopeček <dkopecek>
Status: CLOSED ERRATA QA Contact: Aleš Mareček <amarecek>
Severity: medium Docs Contact:
Priority: high    
Version: 6.1CC: amarecek, pkovar
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: sudo-1.7.4p5-6.el6 Doc Type: Bug Fix
Doc Text:
Because the sudo utility needs to be run with elevated privileges, the sudo package is now built with RELRO linker flags.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2011-08-18 06:43:27 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Steve Grubb 2011-06-01 19:20:19 UTC 
Description of problem:
Daemons and programs that run with elevated privileges need to be PIE executables and have RELRO flag set.

Steps to Reproduce:
1. using http://www.trapkit.de/tools/checksec.sh
2. checksec.sh --file /usr/bin/sudo

  
Actual results:
No RELRO        Canary found      NX enabled    PIE enabled 

Expected results:
RELRO        Canary found      NX enabled    PIE enabled
Comment 5 RHEL Program Management 2011-07-06 01:30:05 UTC 
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated
in the current release, Red Hat is unfortunately unable to
address this request at this time. Red Hat invites you to
ask your support representative to propose this request, if
appropriate and relevant, in the next release of Red Hat
Enterprise Linux. If you would like it considered as an
exception in the current release, please ask your support
representative.
Comment 8 Petr Kovar 2011-07-20 15:10:28 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Because the sudo utility needs to be run with elevated privileges, the sudo package is now built with RELRO linker flags.
Comment 10 errata-xmlrpc 2011-08-18 06:43:27 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-1175.html