Red Hat Bugzilla – Bug 983619
kdm must be a hardened build
Last modified: 2013-10-16 09:16:15 EDT
kdm 1968 Partial RELRO Canary found NX enabled No PIE
* no "FULL RELRO"
* no PIE
kdm is a long-living process running even as root
If your package meets any of the following criteria you MUST enable the PIE compiler flags:
* Your package is long running. This means it's likely to be started and keep running until the machine is rebooted, not start on demand and quit on idle.
* Your package has suid binaries, or binaries with capabilities.
* Your package runs as root.
If your package meets the following criteria you should consider enabling the PIE compiler flags:
* Your package accepts/processes untrusted input.
Included in F18/F19 commit b4210dfc and Rawhide commit 278f1e8c.
Confirmed with "checksec --proc-all" and kdm-4.10.5-5.fc18.x86_64:
kdm 302 Full RELRO Canary found NX enabled PIE enabled
Fixed in Fedora kde-workspace git with commit e89a669ed2e553fbb572dac5677a577b5e1ed205 and kdm in versions newer than 4.10.97-3 is hardened.