Source: nginx
Version: 1.6.2-5

Nginx isn't built with BIND_NOW like Apache2 is:

$ hardening-check /usr/sbin/nginx
/usr/sbin/nginx:
 Position Independent Executable: no, normal executable!
 Stack protected: yes
 Fortify Source functions: yes (some protected functions found)
 Read-only relocations: yes
 Immediate binding: no, not found!

$ hardening-check /usr/sbin/apache2
/usr/sbin/apache2:
 Position Independent Executable: yes
 Stack protected: yes
 Fortify Source functions: yes (some protected functions found)
 Read-only relocations: yes
 Immediate binding: yes

According to the Debian Hardening documentation [1], enabling this is
fairly low risk, especially for a daemon.

Thanks for considering this security enhancement.


Note that the other security feature missing (PIE) is already discussed
in bug #747025.

Regards,
Simon


1:
https://wiki.debian.org/Hardening#DEB_BUILD_HARDENING_BINDNOW_.28ld_-z_now.29


-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to