Red Hat Bugzilla – Bug 965461
pwauth package should be built with PIE flags
Last modified: 2014-03-24 23:44:17 EDT
Description of problem:
http://fedoraproject.org/wiki/Packaging:Guidelines#PIE says that "you MUST
enable the PIE compiler flags if your package has suid binaries...".
However, currently pwauth is not being built with PIE flags. This is a
clear violation of the packaging guidelines.
This issue (in its wider scope) is being discussed at,
Version-Release number of selected component (if applicable):
You can use following programs to check if a package is hardened:
Steps to Reproduce:
Get scanner.py from https://github.com/kholia/checksec
$ ./scanner.py pwauth-2.3.10-4.fc19.x86_64.rpm
Is there any progress on this?
Do you want me to send a patch for this?
pwauth-2.3.10-5.fc18 has been submitted as an update for Fedora 18.
pwauth-2.3.10-5.fc17 has been submitted as an update for Fedora 17.
pwauth-2.3.10-5.fc19 has been submitted as an update for Fedora 19.
pwauth-2.3.10-5.el6 has been submitted as an update for Fedora EPEL 6.
No, I had already patched it and done a build. Didn't get around to flagging the build as an update candidate, but just took care of that now.
* should fix your issue,
* was pushed to the Fedora EPEL 6 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=epel-testing pwauth-2.3.10-5.el6'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).
pwauth-2.3.10-5.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
pwauth-2.3.10-5.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
pwauth-2.3.10-5.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
pwauth-2.3.10-5.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.