Description of problem: http://fedoraproject.org/wiki/Packaging:Guidelines#PIE says that "you MUST enable the PIE compiler flags if your package has suid binaries...". However, currently pwauth is not being built with PIE flags. This is a clear violation of the packaging guidelines. This issue (in its wider scope) is being discussed at, https://fedorahosted.org/fesco/ticket/1104 https://lists.fedoraproject.org/pipermail/devel/2013-March/180827.html Version-Release number of selected component (if applicable): pwauth-2.3.10-4.fc19.x86_64.rpm How reproducible: You can use following programs to check if a package is hardened: http://people.redhat.com/sgrubb/files/rpm-chksec OR https://github.com/kholia/checksec Steps to Reproduce: Get scanner.py from https://github.com/kholia/checksec $ ./scanner.py pwauth-2.3.10-4.fc19.x86_64.rpm pwauth,pwauth-2.3.10-4.fc19.x86_64.rpm,/usr/bin/pwauth,mode=0104750,NX=Enabled,CANARY=Enabled,RELRO=Partial,PIE=Disabled,RPATH=Disabled,RUNPATH=Disabled,FORTIFY=Enabled,CATEGORY=None
Hi, Is there any progress on this? Do you want me to send a patch for this?
pwauth-2.3.10-5.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/pwauth-2.3.10-5.fc18
pwauth-2.3.10-5.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/pwauth-2.3.10-5.fc17
pwauth-2.3.10-5.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/pwauth-2.3.10-5.fc19
pwauth-2.3.10-5.el6 has been submitted as an update for Fedora EPEL 6. https://admin.fedoraproject.org/updates/pwauth-2.3.10-5.el6
No, I had already patched it and done a build. Didn't get around to flagging the build as an update candidate, but just took care of that now.
Package pwauth-2.3.10-5.el6: * should fix your issue, * was pushed to the Fedora EPEL 6 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=epel-testing pwauth-2.3.10-5.el6' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-6066/pwauth-2.3.10-5.el6 then log in and leave karma (feedback).
pwauth-2.3.10-5.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
pwauth-2.3.10-5.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
pwauth-2.3.10-5.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
pwauth-2.3.10-5.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.