On Monday 30 January 2012, at 16:12 +0100, Ludwig Nussel wrote:
Ludwig Nussel wrote:
The following packages in Factory have setuid binaries that are not compiled with position independent code according to rpmlint. I'd like to make the check (non-position-independent-executable) fatal on March 1st. I'll also file bugs for the individual packages.
JFYI, tracker bug is here: https://bugzilla.novell.com/showdependencytree.cgi?id=744091
I'm really not fond of the way we're approaching this: we're just patching all packages. This is not a good long term solution (patches will have to be rebased, people might remove the patches because they don't understand what they're for, etc.) and this is not scalable.

Can't we do something a little bit better? I see that Debian has this, for instance:

http://wiki.debian.org/Hardening
http://wiki.debian.org/Hardening#DEB_BUILD_HARDENING_PIE_.28gcc.2BAC8-g.2B-....

I feel that having a wrapper like they do is a much cleaner solution in the end. Is this something we could take inspiration from?

Vincent

--
Happy people are not in a hurry.
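
An added example, not part of the thread and not rpmlint's own code: one way to audit a tree for the condition the check is about, setuid ELF files that are not position independent. It assumes a non-PIE executable is identified by `e_type == ET_EXEC` in the ELF header (`ET_DYN` covers both PIE executables and shared objects); the function names are hypothetical.

```python
import os
import stat
import struct
import sys

ET_EXEC, ET_DYN = 2, 3  # ELF e_type: fixed-address executable vs. relocatable image


def elf_type(header: bytes):
    """Return e_type from the first 18 bytes of a file, or None if it is not ELF."""
    if len(header) < 18 or header[:4] != b"\x7fELF":
        return None
    # e_ident[EI_DATA] (byte 5) is 2 for big-endian; e_type follows the 16-byte e_ident
    endian = ">" if header[5] == 2 else "<"
    return struct.unpack_from(endian + "H", header, 16)[0]


def classify(header: bytes, mode: int) -> str:
    """Classify a file from its leading bytes and its st_mode."""
    etype = elf_type(header)
    if etype is None:
        return "not-elf"
    if etype == ET_EXEC:
        return "setuid-non-pie" if mode & stat.S_ISUID else "non-pie"
    return "pie-or-shared-object" if etype == ET_DYN else "other-elf"


def scan(root: str):
    """Yield regular files under root that are setuid and ET_EXEC."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
                if not stat.S_ISREG(st.st_mode):
                    continue  # skip symlinks, FIFOs, devices
                with open(path, "rb") as fh:
                    header = fh.read(18)
            except OSError:
                continue
            if classify(header, st.st_mode) == "setuid-non-pie":
                yield path


if __name__ == "__main__":
    for hit in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(hit)
```

Run against an unpacked package or a build root, it lists the files that would need `-fPIE`/`-pie`, whether those flags come from a per-package patch or from a compiler wrapper.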