Bug 955220 - guacd package should be built with PIE flags
Summary: guacd package should be built with PIE flags
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: guacd
Version: 19
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Simone Caronni
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-04-22 14:55 UTC by Dhiru Kholia
Modified: 2014-03-25 03:44 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-06-03 10:20:20 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Dhiru Kholia 2013-04-22 14:55:38 UTC 
Description of problem:

http://fedoraproject.org/wiki/Packaging:Guidelines#PIE says that "you MUST
enable the PIE compiler flags if your package is long running ...".

However, currently guacd is not being built with PIE flags. This is a
clear violation of the packaging guidelines.

This issue (in its wider scope) is being discussed at,

https://fedorahosted.org/fesco/ticket/1104

https://lists.fedoraproject.org/pipermail/devel/2013-March/180827.html

Version-Release number of selected component (if applicable):

guacd-0.7.0-4.fc19.x86_64.rpm

How reproducible:

You can use following programs to check if a package is hardened:

http://people.redhat.com/sgrubb/files/rpm-chksec

OR

https://github.com/kholia/checksec

Steps to Reproduce:

Get scanner.py from https://github.com/kholia/checksec

$ ./scanner.py guacd-0.7.0-4.fc19.x86_64.rpm
guacd,guacd-0.7.0-4.fc19.x86_64.rpm,/usr/sbin/guacd,NX=Enabled,CANARY=Enabled,RELRO=Partial,PIE=Disabled,RPATH=Disabled,RUNPATH=Disabled,FORTIFY=Enabled,CATEGORY=network-ip
Comment 1 Fedora Update System 2013-05-11 17:22:08 UTC 
guacd-0.7.0-5.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/guacd-0.7.0-5.fc19
Comment 2 Fedora Update System 2013-05-11 17:22:31 UTC 
guacd-0.7.0-5.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/guacd-0.7.0-5.fc18
Comment 3 Fedora Update System 2013-05-11 17:22:47 UTC 
guacd-0.7.0-5.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/guacd-0.7.0-5.fc17
Comment 4 Fedora Update System 2013-05-11 17:23:05 UTC 
guacd-0.7.0-5.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/guacd-0.7.0-5.el6
Comment 5 Fedora Update System 2013-05-23 12:26:43 UTC 
guacd-0.7.0-5.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 6 Fedora Update System 2013-05-23 12:29:53 UTC 
guacd-0.7.0-5.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 7 Fedora Update System 2013-05-24 20:23:55 UTC 
guacd-0.7.0-5.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 8 Fedora Update System 2013-05-28 19:38:08 UTC 
guacd-0.7.0-5.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.