https://bugzilla.redhat.com/show_bug.cgi?id=984185 Bug ID: 984185 Summary: perl should be a hardened build Product: Fedora Version: 18 Component: perl Severity: unspecified Priority: unspecified Assignee: mmaslano@xxxxxxxxxx Reporter: h.reindl@xxxxxxxxxxxxx QA Contact: extras-qa@xxxxxxxxxxxxxxxxx CC: cweyl@xxxxxxxxxxxxxxx, iarnell@xxxxxxxxx, jplesnik@xxxxxxxxxx, kasal@xxxxxx, mmaslano@xxxxxxxxxx, perl-devel@xxxxxxxxxxxxxxxxxxxxxxx, ppisar@xxxxxxxxxx, psabata@xxxxxxxxxx, rc040203@xxxxxxxxxx, tcallawa@xxxxxxxxxx perl is often used for long running services (mailgraph, smokeping, postgrey..) as well as called from webservers with untrusted input so it should be "Full RELRO" and PIE http://fedoraproject.org/wiki/Packaging:Guidelines#PIE ______________________________________________________ If your package meets any of the following criteria you MUST enable the PIE compiler flags: Your package is long running. This means it's likely to be started and keep running until the machine is rebooted, not start on demand and quit on idle. Your package has suid binaries, or binaries with capabilities. Your package runs as root. If your package meets the following criteria you should consider enabling the PIE compiler flags: Your package accepts/processes untrusted input. ______________________________________________________ [root@srv-rhsoft:~]$ checksec --file /usr/bin/perl RELRO STACK CANARY NX PIE RPATH RUNPATH FILE Partial RELRO Canary found NX enabled No PIE RPATH RUNPATH /usr/bin/perl -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=YABEZK214w&a=cc_unsubscribe -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/perl-devel
