On 13.10.2013 22:04, Till Maas wrote:
> On Mon, Sep 16, 2013 at 12:15:02PM +0200, Reindl Harald wrote:
>> i get somehow tired to report bugs for several packages,
>> refresh them at each release because maintainers
>> ignore guidelines all the time
>>
>> some of them responded and fixed their packages
>> some insist to ignore them
>
> thank you for your work. Can you please add pointers to the respective
> bug reports so that this can be escalated to FESCo?
>
>> [root@srv-rhsoft:~]$ checksec --proc-all | grep "No PIE"
>> X             21342  Partial RELRO  Canary found  NX enabled  No PIE
>> login         26045  Partial RELRO  Canary found  NX enabled  No PIE
>> alsactl       642    Partial RELRO  Canary found  NX enabled  No PIE
>> mdadm         651    Partial RELRO  Canary found  NX enabled  No PIE
>> upowerd       704    Partial RELRO  Canary found  NX enabled  No PIE
>> avahi-daemon  705    Partial RELRO  Canary found  NX enabled  No PIE
>> rtkit-daemon  718    Partial RELRO  Canary found  NX enabled  No PIE
>> pulseaudio    869    Full RELRO     Canary found  NX enabled  No PIE
>>
>
> Also it would be nice if you ask FESCo to update the list at
> https://fedoraproject.org/wiki/Hardened_Packages
> to include the packages you noticed are missing there

sorry for late answer, i was on the openssl party, but as "excuse"
some more security relevant bug reports below

https://bugzilla.redhat.com/show_bug.cgi?id=319901#c108
https://bugzilla.redhat.com/show_bug.cgi?id=1019390#c3
_____________________________________

here we go again for hardening issues

X: https://bugzilla.redhat.com/show_bug.cgi?id=983604
login: https://bugzilla.redhat.com/show_bug.cgi?id=984181
alsactl: https://bugzilla.redhat.com/show_bug.cgi?id=1008385
mdadm: https://bugzilla.redhat.com/show_bug.cgi?id=983615
upowerd: https://bugzilla.redhat.com/show_bug.cgi?id=1008400
avahi-daemon: unable to find my bug report, pretty sure i made one
rtkit: https://bugzilla.redhat.com/show_bug.cgi?id=996735
pulseaudio: https://bugzilla.redhat.com/show_bug.cgi?id=983606
policykit: https://bugzilla.redhat.com/show_bug.cgi?id=983623
perl: https://bugzilla.redhat.com/show_bug.cgi?id=984185
mailgraph (perl, long running, root): https://bugzilla.redhat.com/show_bug.cgi?id=990052
smokeping (perl, long running, root): https://bugzilla.redhat.com/show_bug.cgi?id=990055
gpsd: https://bugzilla.redhat.com/show_bug.cgi?id=1000643
firefox: https://bugzilla.redhat.com/show_bug.cgi?id=973458
_____________________________________

in fact "Your package accepts/processes untrusted input" raises
again the question why not harden the complete distribution
since browsers, PDF readers, office suites, image viewers and
so on all are processing untrusted input at the end of the day

please keep also in mind that this is only a small subset of
processes running on my KDE homeserver while no graphical login
is active, listed in a ssh-session

in fact there are *a lot* more processes which can be considered
as "long running" after login in the GUI, and on always-on machines
the KDE session is running for days
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct