amavisd-milter is no longer built w/PIE and BINDNOW hardening
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
amavisd-milter (Debian) |
Fix Released
|
Unknown
|
|||
amavisd-milter (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
Natty |
Fix Released
|
Medium
|
Unassigned |
Bug Description
Binary package hint: amavisd-milter
In maverick and and earlier, amavisd-new-milter was built with the PIE and BINDNOW hardening options (see https:/
To reproduce:
1) grab the hardening_check script from http://
2) unpack via dpkg-deb -x or install amavsid-milter
3) run the hardening-check script on (EXTRACTEDPATH)
4) output should look like:
/usr/
Position Independent Executable: yes
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
however, without hardening-wrapper applied, it looks like:
/usr/
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: no, not found!
ProblemType: Bug
DistroRelease: Ubuntu 11.04
Package: amavisd-milter 1.5.0-2
ProcVersionSign
Uname: Linux 2.6.38-8-server x86_64
Architecture: amd64
Date: Thu Apr 21 17:48:50 2011
InstallationMedia: Ubuntu-Server 11.04 "Natty Narwhal" - Alpha amd64 (20110211)
ProcEnviron:
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: amavisd-milter
UpgradeStatus: No upgrade log present (probably fresh install)
Related branches
Changed in amavisd-milter (Ubuntu Natty): | |
importance: | Undecided → Medium |
milestone: | none → ubuntu-11.04 |
status: | New → Confirmed |
tags: | added: regression-release |
Changed in amavisd-milter (Debian): | |
status: | Unknown → Fix Released |
Attached is a debdiff to fix it. Verified on amd64.