Bug 983621 - no hardening build
Summary: no hardening build
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: upower
Version: 18
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: unspecified
Target Milestone: ---
Assignee: Richard Hughes
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2013-07-11 14:43 UTC by Harald Reindl
Modified: 2013-08-14 13:54 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-08-14 13:54:08 UTC
Type: Bug
Embargoed:



Description Harald Reindl 2013-07-11 14:43:49 UTC
checksec:
upowerd  14552 Partial RELRO     Canary found           NX enabled    No PIE 

* no "FULL RELRO"
* no PIE

upowerd is a long-lived process that even runs as root
______________________________________________

If your package meets any of the following criteria you MUST enable the PIE compiler flags:

    Your package is long running. This means it's likely to be started and keep running until the machine is rebooted, not start on demand and quit on idle. 

    Your package has suid binaries, or binaries with capabilities. 

    Your package runs as root. 

If your package meets the following criteria you should consider enabling the PIE compiler flags:

    Your package accepts/processes untrusted input.

Comment 1 Harald Reindl 2013-08-13 20:57:47 UTC
Any news here?

"upowerd" is even fired up on headless servers after you start graphical apps like "kate", and after that it keeps running forever, which is not uncommon when editing a bundle of RPM-SPEC files on build machines

[root@buildserver:~]$ ps aux | grep upower
root       380  0.0  0.1 230888  4340 ?        Ssl  Aug10   0:01 /usr/libexec/upowerd

Comment 2 Richard Hughes 2013-08-14 13:54:08 UTC
upower is built with PIE and full RELRO since 0.9.21-1
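
The two properties this report is about (RELRO level and PIE) can be read directly from a binary's ELF headers. The following is an added example, not part of the original bug report and not code from checksec or upower: a Python check for little-endian ELF64 files that follows the usual checksec-style heuristics. The names `hardening` and `synthetic_elf` are hypothetical, and the sample images are constructed for the example.

```python
import struct

ET_EXEC, ET_DYN, PT_DYNAMIC, PT_GNU_RELRO = 2, 3, 2, 0x6474E552
DT_DEBUG, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 21, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW, DF_1_PIE = 0x8, 0x1, 0x08000000

def hardening(elf):
    """Return (relro, pie) strings for a little-endian ELF64 image."""
    if elf[:6] != b"\x7fELF\x02\x01":
        raise ValueError("only little-endian ELF64 is handled in this example")
    e_type, = struct.unpack_from("<H", elf, 16)
    e_phoff, = struct.unpack_from("<Q", elf, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 54)
    relro = now = pie_hint = False
    for i in range(e_phnum):
        p_type, _, p_offset, _, _, p_filesz = struct.unpack_from(
            "<IIQQQQ", elf, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_RELRO:
            relro = True  # relocation data is remapped read-only after startup
        elif p_type == PT_DYNAMIC:
            for off in range(p_offset, p_offset + p_filesz, 16):
                tag, val = struct.unpack_from("<qQ", elf, off)
                if tag == 0:  # DT_NULL terminates the dynamic array
                    break
                if (tag == DT_BIND_NOW or (tag == DT_FLAGS and val & DF_BIND_NOW)
                        or (tag == DT_FLAGS_1 and val & DF_1_NOW)):
                    now = True  # eager binding is what makes RELRO "full"
                if tag == DT_DEBUG or (tag == DT_FLAGS_1 and val & DF_1_PIE):
                    pie_hint = True  # marks an executable rather than a plain DSO
    relro_s = ("Full RELRO" if now else "Partial RELRO") if relro else "No RELRO"
    pie_s = "No PIE" if e_type != ET_DYN else ("PIE enabled" if pie_hint else "DSO")
    return relro_s, pie_s

def synthetic_elf(e_type, relro, dyn):
    """Constructed sample: ELF64 header, two program headers, a dynamic array."""
    dyn_bytes = b"".join(struct.pack("<qQ", t, v) for t, v in dyn + [(0, 0)])
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0, 64, 56, 2, 0, 0, 0)
    ph_dyn = struct.pack("<IIQQQQQQ", PT_DYNAMIC, 6, 176, 0, 0,
                         len(dyn_bytes), len(dyn_bytes), 8)
    ph_relro = struct.pack("<IIQQQQQQ", PT_GNU_RELRO if relro else 4, 4, 0, 0, 0, 0, 0, 1)
    return ehdr + ph_dyn + ph_relro + dyn_bytes

if __name__ == "__main__":
    # Constructed images: one shaped like the reported state, one like a hardened build.
    print(hardening(synthetic_elf(ET_EXEC, True, [(DT_DEBUG, 0)])))
    print(hardening(synthetic_elf(ET_DYN, True, [(DT_DEBUG, 0), (DT_FLAGS, DF_BIND_NOW)])))
```

To check an installed binary, pass its contents, for example `hardening(open("/usr/libexec/upowerd", "rb").read())`.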

