Bug 390981 - textrel's in /usr/bin/at
textrel's in /usr/bin/at
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: at (Show other bugs)
4.0
All Linux
low Severity low
: ---
: ---
Assigned To: Marcela Mašláňová
:
Depends On: 391681
Blocks:
  Show dependency treegraph
 
Reported: 2007-11-19 14:50 EST by Kevin Graham
Modified: 2010-02-22 07:39 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-02-22 07:39:28 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Kevin Graham 2007-11-19 14:50:54 EST
Description of problem:

In at-3.1.8-80_EL4 (and presumably earlier versions as well) /usr/bin/at is
built as a PIE, but contains a textrel segment. 

Version-Release number of selected component (if applicable):

at-3.1.8-80_EL4

How reproducible:

host:~ # eu-readelf -d /usr/bin/at | grep TEXT
  TEXTREL
host:~ #

Additional info:

Obviously there are plenty of other cases in RHEL4, but presumably at least SUID
binaries directly interacting with users should be taking advantage of available
protections.
Comment 1 Marcela Mašláňová 2007-11-20 03:26:18 EST
The problem doesn't occur in version of at-3.1.10.
Comment 2 Marcela Mašláňová 2007-11-20 03:39:19 EST
_At_ is statically linked with libfl (from flex) -> opening bug on flex. _At_
needs rebuild after rebuild flex with -fpie option.
Comment 3 Marcela Mašláňová 2010-02-22 07:39:28 EST
The last planned update of RHEL-4 will be focused on performance and security bugs only. This bug doesn't occur in RHEL-5.

Note You need to log in before you can comment on or make changes to this bug.