Bug 1264035 - Partial RELRO for sendmail-milter
Partial RELRO for sendmail-milter
Product: Fedora
Classification: Fedora
Component: sendmail (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Jaroslav Škarvada
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2015-09-17 07:26 EDT by Alexander Todorov
Modified: 2015-09-23 11:59 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1264033
Last Closed: 2015-09-23 11:59:27 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Alexander Todorov 2015-09-17 07:26:17 EDT
Description of problem:

FESCo requires some packages to use PIE and relro hardening by default. This page contains that list:

sendmail-milter uses only Partial RELRO instead of Full RELRO. Please comment if this is acceptable or should be changed ? 

RELRO           STACK CANARY      NX            PIE             RPATH      RUNPATH      FILE
Partial RELRO   Canary found      NX enabled    DSO             No RPATH   No RUNPATH   ./usr/lib64/libmilter.so.1.0.1
Comment 1 Jaroslav Škarvada 2015-09-23 11:57:59 EDT
It makes sense, binaries linking libmilter are usually long running processes processing untrusted data.

Note You need to log in before you can comment on or make changes to this bug.