Chris Adams <cmadams@xxxxxxxxxx> wrote:
> Once upon a time, Adam Jackson <ajax@xxxxxxxxxx> said:
> > On 4/13/12 2:37 PM, Frank Ch. Eigler wrote:
> > >
> > >>[...]
> > >>If your package meets the following criteria you MUST enable the PIE
> > >>compiler flags:
> > >>[...]
> > >> * Your package runs as root.
> > >>[...]
> > >
> > >If this is meant to cover administrative binaries that have no
> > >privilege escalation pieces of their own, merely run by root, then
> > >what makes them different from any other /bin/* program that a root
> > >process might invoke?
> >
> > It's not meant to cover that. That phrasing is meant to cover system
> > components like init that do not function _unless_ run as uid 0.
>
> How about adding an "only" to the sentence then, like:
>
>  * Your package runs only as root.

Nope. A program running as SGID games (or any other "different than the
user starting it" or "needs any special privileges") should be included
here.
--
Dr. Horst H. von Brand                   User #22616 counter.li.org
Departamento de Informatica                    Fono: +56 32 2654431
Universidad Tecnica Federico Santa Maria             +56 32 2654239
Casilla 110-V, Valparaiso, Chile 2340000       Fax:  +56 32 2797513
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel