FS#48257 - [nginx] is not being properly hardened

Attached to Project: Arch Linux
Opened by Scott Rosenberg (Moscato) - Friday, 19 February 2016, 22:30 GMT
Last edited by Bartłomiej Piotrowski (Barthalion) - Thursday, 05 May 2016, 12:59 GMT
Task Type General Gripe
Category Packages: Extra
Status Closed
Assigned To Sébastien Luttringer (seblu)
Bartłomiej Piotrowski (Barthalion)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:
Nginx is not being properly hardened at compile time.

Additional info:
1.8.1

Steps to reproduce:
Use hardening-check from aur
hardening-check nginx
nginx:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: no, only unprotected functions found!
Read-only relocations: no, not found!
Immediate binding: no, not found!
This task depends upon

Closed by  Bartłomiej Piotrowski (Barthalion)
Thursday, 05 May 2016, 12:59 GMT
Reason for closing:  Fixed
Additional comments about closing:  Fixed in trunk.
Comment by Sébastien Luttringer (seblu) - Sunday, 17 April 2016, 23:55 GMT
Where is your patch to fix this?
Comment by Scott Rosenberg (Moscato) - Monday, 18 April 2016, 00:07 GMT
These are compiler flags for a pkgbuild
Comment by Sébastien Luttringer (seblu) - Monday, 18 April 2016, 00:17 GMT
PKGBUILD patch...
Comment by Scott Rosenberg (Moscato) - Monday, 18 April 2016, 00:40 GMT
I'm not entirely familiar with the patch writing process.


These are not being applied
CFLAGS=PIE
CPPFLAGS=PIE
CXXFLAGS=PIE
LDFLAGS=relro,now

Loading...