Description of problem:
FESCo requires some packages to use PIE and relro hardening by default. This page contains that list:
https://fedoraproject.org/wiki/Hardened_Packages

sendmail-milter uses only Partial RELRO instead of Full RELRO. Please comment if this is acceptable or should be changed?

----------
sendmail-8.15.2-2.fc24.src.rpm
/mnt/fedora/Packages/s/sendmail-milter-8.15.2-2.fc24.x86_64.rpm
RELRO           STACK CANARY   NX           PIE   RPATH      RUNPATH      FILE
Partial RELRO   Canary found   NX enabled   DSO   No RPATH   No RUNPATH   ./usr/lib64/libmilter.so.1.0.1

It makes sense, binaries linking libmilter are usually long running processes processing untrusted data.