Bug 972970
| Summary: | "Partial RELRO" not detected | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Harald Reindl <h.reindl> | ||||
| Component: | hardening-check | Assignee: | Björn 'besser82' Esser <besser82> | ||||
| Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
| Severity: | unspecified | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | 18 | CC: | besser82 | ||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2013-06-11 06:18:06 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
Thanks for your bug-report, in return. :) The "Partial RELRO" issued by check-security.sh, is perfectly the same as hardening-check reporting: "RELRO: yes, Immediate Binding: no". See [1] for further reference. For colored output you can use --color switch. More options are described in hardening-check's manpage and/or --help output. I'll close here --> NOTABUG [1] http://tk-blog.blogspot.de/2009/02/relro-not-so-well-known-memory.html got it - thank you well, looks like you packacged "checksec" too - fine :-) http://koji.fedoraproject.org/koji/buildinfo?buildID=426028 ________________________________________________ [harry@srv-rhsoft:~]$ cat /usr/local/bin/hardening-check #!/usr/bin/bash /usr/bin/hardening-check --color $1 echo "" /usr/bin/checksec --file $1 |
Created attachment 759390 [details] archive with screenshot and two hardening-checkers first thank you for the fedora-package what i am missing is "Partial RELRO" which is detected by a perl script found the last days and actually i was able to change the output of some private packages from "Partial RELRO" to a green "Full RELRO" attached a screnshot and both of my script called by "hardening-check.sh" to see the difference - the perl script seem to do a better job here and maybe something could be patched into "hardening-check" - the colored output would also be nice :-)