Please re-enable PIE and BIND_NOW
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
totem (Ubuntu) | Fix Released | Medium | Mathieu Trudel-Lapierre |
Precise | Won't Fix | Medium | Unassigned |
Quantal | Fix Released | Medium | Mathieu Trudel-Lapierre |
Bug Description
Ubuntu 11.10 added hardening options to totem, but Ubuntu 12.04 and 12.10 lost PIE and BIND_NOW. These are important compiler hardening features that help protect users from malicious content.
This can be seen with the hardening check command:
/tmp/built-
Position Independent Executable: no, normal executable!
Stack protected: no, not found! (ignored)
Immediate binding: no, not found!
/tmp/built-
Position Independent Executable: no, normal executable!
Stack protected: no, not found! (ignored)
Immediate binding: no, not found!
/tmp/built-
Position Independent Executable: no, normal executable!
Stack protected: no, not found! (ignored)
Immediate binding: no, not found!
/tmp/built-
Position Independent Executable: no, normal executable!
Immediate binding: no, not found!
(the stack-protector check can be ignored since it depends on the code having certain characteristics).
tags: | added: regression-release |
Changed in totem (Ubuntu Quantal): | |
status: | New → In Progress |
importance: | Undecided → Medium |
assignee: | nobody → Mathieu Trudel-Lapierre (mathieu-tl) |
Changed in totem (Ubuntu Precise): | |
importance: | Undecided → Medium |
status: | New → Triaged |
This bug was fixed in the package totem - 3.4.3-0ubuntu4
---------------
totem (3.4.3-0ubuntu4) quantal; urgency=low
* debian/rules: re-enable hardening, make sure both PIE and BINDNOW are used
by setting hardening=+all. (LP: #1039604)
* debian/control.in: add dpkg-dev (>= 1.16.1.1) to Build-Depends.
-- Mathieu Trudel-Lapierre <email address hidden> Tue, 18 Sep 2012 12:22:15 -0400