Mattia Verga wrote:
> Greetings,
> I saw the changes in packaging guidelines related to PIE:
>
> /If your package meets the following criteria you *MUST* enable the PIE
> compiler flags: /
>
> * /Your package is long running. This means it's likely to be started
> and keep running until th
On Fri, Apr 13, 2012 at 02:40:11PM -0400, Adam Jackson wrote:
> On 4/13/12 2:37 PM, Frank Ch. Eigler wrote:
> >
> >>[...]
> >>If your package meets the following criteria you MUST enable the PIE
> >>compiler
> >>flags:
> >>[...]
> >> * Your package runs as root.
> >>[...]
> >
> >If this is meant
On Fri, Apr 13, 2012 at 04:36:07PM -0400, Adam Jackson wrote:
> On 4/13/12 3:19 PM, Richard W.M. Jones wrote:
> >On Fri, Apr 13, 2012 at 10:47:00AM -0700, Toshio Kuratomi wrote:
> >>Although (since I know Rich works on OCaml stuff) since OCaml is compiled to
> >>C before being compiled to object co
On 4/13/12 3:19 PM, Richard W.M. Jones wrote:
On Fri, Apr 13, 2012 at 10:47:00AM -0700, Toshio Kuratomi wrote:
Although (since I know Rich works on OCaml stuff) since OCaml is compiled to
C before being compiled to object code, this section might still apply.
OCaml isn't compiled to C, it's co
Once upon a time, Horst H. von Brand said:
> Chris Adams wrote:
> > Once upon a time, Adam Jackson said:
> > > On 4/13/12 2:37 PM, Frank Ch. Eigler wrote:
> > > >
> > > >>[...]
> > > >>If your package meets the following criteria you MUST enable the PIE
> > > >>compiler
> > > >>flags:
> > > >>[
On Fri, Apr 13, 2012 at 2:16 PM, Frank Ch. Eigler wrote:
>
> ajax wrote:
>
>> [...]
>>> If this is meant to cover administrative binaries that have no
>>> privilege escalation pieces of their own, merely run by root, then
>>> what makes them different from any other /bin/* program that a root
>>>
On Fri, Apr 13, 2012 at 10:47:00AM -0700, Toshio Kuratomi wrote:
> Although (since I know Rich works on OCaml stuff) since OCaml is compiled to
> C before being compiled to object code, this section might still apply.
OCaml isn't compiled to C, it's compiled direct to machine code.
The OCaml nati
ajax wrote:
> [...]
>> If this is meant to cover administrative binaries that have no
>> privilege escalation pieces of their own, merely run by root, then
>> what makes them different from any other /bin/* program that a root
>> process might invoke?
>
> It's not meant to cover that. That phras
Chris Adams wrote:
> Once upon a time, Adam Jackson said:
> > On 4/13/12 2:37 PM, Frank Ch. Eigler wrote:
> > >
> > >>[...]
> > >>If your package meets the following criteria you MUST enable the PIE
> > >>compiler
> > >>flags:
> > >>[...]
> > >> * Your package runs as root.
> > >>[...]
> > >
>
Toshio Kuratomi wrote:
> On Fri, Apr 13, 2012 at 06:39:14PM +0100, Richard W.M. Jones wrote:
> > On Fri, Apr 13, 2012 at 12:36:36PM -0500, Jon Ciesla wrote:
> > > >
> > > > - Is the above an 'AND' or an 'OR' set of requirements?
> > >
> > > OR.
> >
> > Thanks. That wasn't clear to me at all --
Jon Ciesla wrote:
> On Fri, Apr 13, 2012 at 12:32 PM, Richard W.M. Jones
> wrote:
[...]
> > - What happens if the program isn't written in C?
> If it's not C, C++, etc, it's not applicable. I don't believe it
> applies to other compiled languages.
Why not? I can't think of a SUID binary wr
Once upon a time, Adam Jackson said:
> On 4/13/12 2:37 PM, Frank Ch. Eigler wrote:
> >
> >>[...]
> >>If your package meets the following criteria you MUST enable the PIE
> >>compiler
> >>flags:
> >>[...]
> >> * Your package runs as root.
> >>[...]
> >
> >If this is meant to cover administrative
On 4/13/12 2:37 PM, Frank Ch. Eigler wrote:
[...]
If your package meets the following criteria you MUST enable the PIE compiler
flags:
[...]
* Your package runs as root.
[...]
If this is meant to cover administrative binaries that have no
privilege escalation pieces of their own, merely ru
> [...]
> If your package meets the following criteria you MUST enable the PIE compiler
> flags:
> [...]
> * Your package runs as root.
> [...]
If this is meant to cover administrative binaries that have no
privilege escalation pieces of their own, merely run by root, then
what makes them diffe
On Fri, Apr 13, 2012 at 06:39:14PM +0100, Richard W.M. Jones wrote:
> On Fri, Apr 13, 2012 at 12:36:36PM -0500, Jon Ciesla wrote:
> > >
> > > - Is the above an 'AND' or an 'OR' set of requirements?
> >
> > OR.
>
> Thanks. That wasn't clear to me at all -- when I first read it, I
> assumed it mus
On Fri, Apr 13, 2012 at 12:36:36PM -0500, Jon Ciesla wrote:
> On Fri, Apr 13, 2012 at 12:32 PM, Richard W.M. Jones
> wrote:
> > On Fri, Apr 13, 2012 at 05:37:12PM +0200, Mattia Verga wrote:
> >> Greetings,
> >> I saw the changes in packaging guidelines related to PIE:
> >>
> >> /If your package m
On Fri, Apr 13, 2012 at 12:36:36PM -0500, Jon Ciesla wrote:
> On Fri, Apr 13, 2012 at 12:32 PM, Richard W.M. Jones
> wrote:
> > On Fri, Apr 13, 2012 at 05:37:12PM +0200, Mattia Verga wrote:
> >> Greetings,
> >> I saw the changes in packaging guidelines related to PIE:
> >>
> >> /If your package m
On Fri, Apr 13, 2012 at 12:32 PM, Richard W.M. Jones wrote:
> On Fri, Apr 13, 2012 at 05:37:12PM +0200, Mattia Verga wrote:
>> Greetings,
>> I saw the changes in packaging guidelines related to PIE:
>>
>> /If your package meets the following criteria you *MUST* enable the
>> PIE compiler flags: /
On Fri, Apr 13, 2012 at 05:37:12PM +0200, Mattia Verga wrote:
> Greetings,
> I saw the changes in packaging guidelines related to PIE:
>
> /If your package meets the following criteria you *MUST* enable the
> PIE compiler flags: /
>
> * /Your package is long running. This means it's likely to be
On Fri, Apr 13, 2012 at 10:37 AM, Mattia Verga wrote:
> Greetings,
> I saw the changes in packaging guidelines related to PIE:
>
> If your package meets the following criteria you MUST enable the PIE
> compiler flags:
>
> Your package is long running. This means it's likely to be started and keep
Greetings,
I saw the changes in packaging guidelines related to PIE:
/If your package meets the following criteria you *MUST* enable the PIE
compiler flags: /
* /Your package is long running. This means it's likely to be started
and keep running until the machine is rebooted, not start on
21 matches
Mail list logo
