[root@srv-rhsoft:~]$ checksec --dir /usr/lib64/httpd/modules/ RELRO STACK CANARY NX PIE RPATH RUNPATH FILE Full RELRO Canary found NX enabled DSO No RPATH No RUNPATH /usr/lib64/httpd/modules/libphp5.so Partial RELRO Canary found NX enabled DSO No RPATH No RUNPATH /usr/lib64/httpd/modules/mod_authz_svn.so Full RELRO Canary found NX enabled DSO No RPATH No RUNPATH /usr/lib64/httpd/modules/mod_cgi.so Full RELRO Canary found NX enabled DSO No RPATH No RUNPATH /usr/lib64/httpd/modules/mod_dav.so Partial RELRO Canary found NX enabled DSO No RPATH No RUNPATH /usr/lib64/httpd/modules/mod_dav_svn.so
*what* "CLOSED RAWHIDE"? that does not fix it for F18
Has it been fixed now?
no: http://koji.fedoraproject.org/koji/packageinfo?packageID=752 this was only updated for F20 and not for F18/F19
http://pkgs.fedoraproject.org/cgit/subversion.git/diff/?id=0d5a75e67b966a14bd14f6a0b73394c286cba52c
still not "Full RELRO" http://tk-blog.blogspot.co.at/2009/02/relro-not-so-well-known-memory.html [root@srv-rhsoft:~]$ /usr/bin/hardening-check /usr/lib64/httpd/modules/mod_dav_svn.so /usr/lib64/httpd/modules/mod_dav_svn.so: Position Independent Executable: no, regular shared library (ignored) Stack protected: yes Fortify Source functions: unknown, no protectable libc functions used Read-only relocations: yes Immediate binding: no, not found! [root@srv-rhsoft:~]$ rpm -q mod_dav_svn mod_dav_svn-1.7.11-1.fc18.x86_64
Thanks Harald - I'd spotted your comment between doing the f18 and f19 builds. I've fired off a new f18 build with that fix, and will update the bodhi update: http://koji.fedoraproject.org/koji/taskinfo?taskID=5657252
no proble, thank you! it's not too important, but on the other hand i love the idea to run "checksec --proc-all" (which is now in the Fedora repos and have anything green at least on machines with no desktop session running (and on the long run also with the desktop)
Commit: http://pkgs.fedoraproject.org/gitweb/?p=subversion.git;a=commitdiff;h=bf2fea072acd25c14eb43928097c5168918e1eee Package: subversion-1.7.11-1.fc18.1 Build: https://koji.fedoraproject.org/koji/buildinfo?buildID=437937
thank you very much mod_dav_svn-1.7.11-1.fc18.1.x86_64 makes it perfect [root@srv-rhsoft:/downloads]$ hardening-check /usr/lib64/httpd/modules/mod_dav_svn.so /usr/lib64/httpd/modules/mod_dav_svn.so: Position Independent Executable: no, regular shared library (ignored) Stack protected: yes Fortify Source functions: unknown, no protectable libc functions used Read-only relocations: yes Immediate binding: yes