Source: nginx Version: 1.6.2-5 Nginx isn't built with BIND_NOW like Apache2 is:
$ hardening-check /usr/sbin/nginx /usr/sbin/nginx: Position Independent Executable: no, normal executable! Stack protected: yes Fortify Source functions: yes (some protected functions found) Read-only relocations: yes Immediate binding: no, not found! $ hardening-check /usr/sbin/apache2 /usr/sbin/apache2: Position Independent Executable: yes Stack protected: yes Fortify Source functions: yes (some protected functions found) Read-only relocations: yes Immediate binding: yes According to the Debian Hardening documentation [1], enabling this is fairly low risk, especially for a daemon. Thanks for considering this security enhancement. Note that the other security feature missing (PIE) is already discussed in bug #747025. Regards, Simon 1: https://wiki.debian.org/Hardening#DEB_BUILD_HARDENING_BINDNOW_.28ld_-z_now.29 -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]

