1264035 – Partial RELRO for sendmail-milter

Bug 1264035 - Partial RELRO for sendmail-milter

Summary: Partial RELRO for sendmail-milter

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	sendmail
Sub Component:
Version:	rawhide
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Jaroslav Škarvada
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2015-09-17 11:26 UTC by Alexander Todorov
Modified:	2015-09-23 15:59 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Clone Of:	1264033
Environment:
Last Closed:	2015-09-23 15:59:27 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Alexander Todorov 2015-09-17 11:26:17 UTC

Description of problem:


FESCo requires some packages to use PIE and relro hardening by default. This page contains that list:
https://fedoraproject.org/wiki/Hardened_Packages

sendmail-milter uses only Partial RELRO instead of Full RELRO. Please comment if this is acceptable or should be changed ? 

----------
sendmail-8.15.2-2.fc24.src.rpm
/mnt/fedora/Packages/s/sendmail-milter-8.15.2-2.fc24.x86_64.rpm
RELRO           STACK CANARY      NX            PIE             RPATH      RUNPATH      FILE
Partial RELRO   Canary found      NX enabled    DSO             No RPATH   No RUNPATH   ./usr/lib64/libmilter.so.1.0.1

Comment 1 Jaroslav Škarvada 2015-09-23 15:57:59 UTC

It makes sense, binaries linking libmilter are usually long running processes processing untrusted data.

Note You need to log in before you can comment on or make changes to this bug.