Red Hat Bugzilla – Bug 108165
Make sshd a PIE
Last modified: 2007-11-30 17:10:32 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6a) Gecko/20031021
Description of problem:
Network accessible programs should be PIEs for security reasons. I'll attach a
minimum patch to make sshd (and none of the other programs) a PIE.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1.readelf -h /usr/sbin/sshd|fgrep Type:
Actual Results: Type: EXEC (Executable file)
Expected Results: Type: DYN (Shared object file)
Created attachment 95543 [details]
Created attachment 95567 [details]
Better use Jakub's patch which also adds various optimizations.
The minimal patch is maintainable and could/(should?) be applied. The
Jakub's one is highly invasive and it would require too much work when
rebasing to newer versions.
Sorry ignore my previous comment - currently in rawhide the complete
OpenSSH is already built with PIE. However a question is if the PIE
linkage shouldn't be limited to sshd.