Description of problem:
The acl package contains libraries. We would like them to be built with partial RELRO support as a security enhancement.

Additional info:
Partial RELRO requires these passed at link: -Wl,-z,relro
This will fix it: Index: acl.spec =================================================================== RCS file: /cvs/dist/rpms/acl/RHEL-6/acl.spec,v retrieving revision 1.43 diff -u -p -r1.43 acl.spec --- acl.spec 26 Jul 2011 12:16:51 -0000 1.43 +++ acl.spec 26 Jul 2011 12:26:53 -0000 @@ -62,7 +62,7 @@ autoconf %build touch .census # acl abuses libexecdir -%configure --libdir=/%{_lib} --libexecdir=%{_libdir} +%configure --libdir=/%{_lib} --libexecdir=%{_libdir} LDFLAGS="$LDFLAGS -Wl,-z,relro" make %{?_smp_mflags} LIBTOOL="libtool --tag=CC" %check
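Review bot: the added LDFLAGS="$LDFLAGS -Wl,-z,relro" on the %configure line only takes effect if the generated Makefiles pass LDFLAGS through to the library link, and the make line right after it overrides LIBTOOL, so nothing in this hunk confirms the flag reaches the shared library the report is about. Suggest a check in %check that the built libacl carries a GNU_RELRO program header (readelf -l shows it). The diff as shown also has no %changelog entry or Release bump for the rebuild.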
Using aforementioned tool (rpm-chksec) on acl-2.2.49-6.el6, I've got:

FILE              TYPE  RELRO    PIE
/usr/bin/chacl    exec  partial  no
/usr/bin/getfacl  exec  partial  no
/usr/bin/setfacl  exec  partial  no

Edo, Steve, I am not sure what is the meaning of this outcome, is this tool documented somewhere?
The color coding helps you interpret the results. :)
Ondrej, as for this bug, you need to check libacl in the first place. That is the subpackage that provides the library.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHEA-2011-1657.html