Red Hat Bugzilla – Bug 983621
no hardening build
Last modified: 2013-08-14 09:54:08 EDT
upowerd 14552 Partial RELRO Canary found NX enabled No PIE
* no "FULL RELRO"
* no PIE
upowerd is a long living process running even as root
If your package meets any of the following criteria you MUST enable the PIE compiler flags:
Your package is long running. This means it's likely to be started and keep running until the machine is rebooted, not start on demand and quit on idle.
Your package has suid binaries, or binaries with capabilities.
Your package runs as root.
If your package meets the following criteria you should consider enabling the PIE compiler flags:
Your package accepts/processes untrusted input.
any news here?
"upowerd" is even fired up on headless servers after you start graphical apps like "kate" and after that running forever which is not uncommon to edit a bundle of RPM-SPEC files on build-machines
[root@buildserver:~]$ ps aux | grep upower
root 380 0.0 0.1 230888 4340 ? Ssl Aug10 0:01 /usr/libexec/upowerd
upower is built with PIE and full RELRO since 0.9.21-1