Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#46143 - [postfix] build as PIE to fully take advantage of ASLR
Attached to Project:
Arch Linux
Opened by Remi Gacogne (rgacogne) - Saturday, 29 August 2015, 14:49 GMT
Last edited by Gaetan Bisson (vesath) - Sunday, 30 August 2015, 04:37 GMT
Opened by Remi Gacogne (rgacogne) - Saturday, 29 August 2015, 14:49 GMT
Last edited by Gaetan Bisson (vesath) - Sunday, 30 August 2015, 04:37 GMT
|
DetailsHi,
In order to fully benefit from ASLR, postfix would need to be built as PIE, which can be done by simply adding pie=yes on the make line. As postfix is a network daemon, I believe the gain in term of security would be worth the small overhead introduced by that move, especially on x86_64 where ASLR is most useful and the PIE cost is almost nonexistent. |
This task depends upon
Closed by Gaetan Bisson (vesath)
Sunday, 30 August 2015, 04:37 GMT
Reason for closing: Implemented
Additional comments about closing: postfix-3.0.2-2 in [extra]
Sunday, 30 August 2015, 04:37 GMT
Reason for closing: Implemented
Additional comments about closing: postfix-3.0.2-2 in [extra]