Bug 1956998 - annocheck reports that pigz is compiled without -fstack-protector-strong, -D_FORTIFY_SOURCE=2, and -fPIE/-fPIC
Status: NEW
Alias: None
Product: Red Hat Enterprise Linux 9
Classification: Red Hat
Component: pigz
Version: 9.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: beta
Assignee: Prarit Bhargava
QA Contact: qe-baseos-daemons
Reported: 2021-05-04 20:04 UTC by Jan Pazdziora
Modified: 2021-05-05 09:47 UTC (History)

Type: Bug

Description Jan Pazdziora 2021-05-04 20:04:32 UTC
Description of problem:

Running annocheck on pigz reports that binaries in /usr/bin were compiled without stack protector and without position independent code.

Version-Release number of selected component (if applicable):

pigz-2.5-2.el9.x86_64

How reproducible:

Deterministic

Steps to Reproduce:
1. rpm -ql pigz | xargs annocheck -v --ignore-gaps | grep FAIL:

Actual results:

Hardened: /usr/bin/unpigz: FAIL: pie test because not linked with -Wl,-pie 
Hardened: /usr/bin/unpigz: FAIL: bind-now test because not linked with -Wl,-z,now 
Hardened: /usr/bin/unpigz: FAIL: stack-prot test because stack protection deliberately disabled (addr range: 0x403580..0x403585) 
Hardened: /usr/bin/pigz: FAIL: pie test because not linked with -Wl,-pie 
Hardened: /usr/bin/pigz: FAIL: bind-now test because not linked with -Wl,-z,now 
Hardened: /usr/bin/pigz: FAIL: stack-prot test because stack protection deliberately disabled (addr range: 0x403580..0x403585) 

Expected results:

No FAILs reported by annocheck.

Additional info:


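Added example, not part of the original report: a small shell gate that groups the annocheck FAIL lines quoted under "Actual results" by binary and returns non-zero when any are present, matching the report's expected result of no FAILs. The helper names `sample_annocheck_output` and `summarize_fails` are hypothetical, and the sample input is constructed from the lines in this report.

```shell
#!/bin/sh
# Added example (not from the bug report): group annocheck FAIL lines by binary.

# Constructed sample input: the six FAIL lines quoted under "Actual results".
sample_annocheck_output() {
    cat <<'EOF'
Hardened: /usr/bin/unpigz: FAIL: pie test because not linked with -Wl,-pie
Hardened: /usr/bin/unpigz: FAIL: bind-now test because not linked with -Wl,-z,now
Hardened: /usr/bin/unpigz: FAIL: stack-prot test because stack protection deliberately disabled (addr range: 0x403580..0x403585)
Hardened: /usr/bin/pigz: FAIL: pie test because not linked with -Wl,-pie
Hardened: /usr/bin/pigz: FAIL: bind-now test because not linked with -Wl,-z,now
Hardened: /usr/bin/pigz: FAIL: stack-prot test because stack protection deliberately disabled (addr range: 0x403580..0x403585)
EOF
}

# summarize_fails (hypothetical helper): reads annocheck output on stdin and
# prints one "<binary> <failed tests>" line per binary. Returns 0 when no
# FAIL line was seen, 1 otherwise, so it can gate a build or CI job.
summarize_fails() {
    fails=$(awk -F': ' '
        # Line shape on this page: Hardened: <path>: FAIL: <test> test because <reason>
        $1 == "Hardened" && $3 == "FAIL" {
            split($4, word, " ")            # first word of the message is the test name
            key = $2 SUBSEP word[1]
            if (key in seen) next           # report each failed test once per binary
            seen[key] = 1
            tests[$2] = (tests[$2] == "" ? word[1] : tests[$2] "," word[1])
        }
        END { for (bin in tests) print bin, tests[bin] }
    ' | LC_ALL=C sort)
    if [ -z "$fails" ]; then
        return 0
    fi
    printf '%s\n' "$fails"
    return 1
}

# Stand-alone run on the constructed sample; on a real system the input would be
# the output of the reproduction command: rpm -ql pigz | xargs annocheck -v --ignore-gaps
if sample_annocheck_output | summarize_fails; then
    echo "hardening gate: PASS"
else
    echo "hardening gate: FAIL"
fi
```

The three test names map to the build options named in the bug title and in the annocheck messages: `pie` to -fPIE/-fPIC with -Wl,-pie, `bind-now` to -Wl,-z,now, and `stack-prot` to -fstack-protector-strong.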