Once upon a time, Adam Jackson <ajax@xxxxxxxxxx> said: > On 4/13/12 2:37 PM, Frank Ch. Eigler wrote: > > > >>[...] > >>If your package meets the following criteria you MUST enable the PIE > >>compiler > >>flags: > >>[...] > >> * Your package runs as root. > >>[...] > > > >If this is meant to cover administrative binaries that have no > >privilege escalation pieces of their own, merely run by root, then > >what makes them different from any other /bin/* program that a root > >process might invoke? > > It's not meant to cover that. That phrasing is meant to cover system > components like init that do not function _unless_ run as uid 0. How about adding an "only" to the sentence then, like: * Your package runs only as root. I had the same misunderstanding. -- Chris Adams <cmadams@xxxxxxxxxx> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble. -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
