[Bug 768713] Re: amavisd-milter is no longer built w/PIE and BINDNOW hardening

Launchpad Bug Tracker 768713 at bugs.launchpad.net
Fri Apr 22 14:09:45 UTC 2011 

This bug was fixed in the package amavisd-milter - 1.5.0-2ubuntu1

---------------
amavisd-milter (1.5.0-2ubuntu1) natty; urgency=low

  * Re-enable hardened build for PIE (LP: #768713)
 -- Steve Beattie <sbeattie at ubuntu.com>   Thu, 21 Apr 2011 17:22:53 -0700

** Changed in: amavisd-milter (Ubuntu Natty)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is a direct subscriber.
https://bugs.launchpad.net/bugs/768713

Title:
  amavisd-milter is no longer built w/PIE and BINDNOW hardening

Status in “amavisd-milter” package in Ubuntu:
  Fix Released
Status in “amavisd-milter” source package in Natty:
  Fix Released

Bug description:
  Binary package hint: amavisd-milter

  In maverick and and earlier, amavisd-new-milter was built with the PIE
  and BINDNOW hardening options (see
  https://wiki.ubuntu.com/Security/HardeningWrapper and
  http://wiki.debian.org/Hardening). With the replacement of amavisd-
  new-milter by amavisd-milter, this hardening protection is gone.

  To reproduce:
  1) grab the hardening_check script from http://bazaar.launchpad.net/~ubuntu-bugcontrol/qa-regression-testing/master/view/head:/scripts/built-binaries/hardening-check
  2) unpack via dpkg-deb -x or install amavsid-milter
  3) run the hardening-check script on (EXTRACTEDPATH)/usr/sbin/amavisd-milter
  4) output should look like:
    /usr/sbin/amavisd-milter:
    Position Independent Executable: yes
    Stack protected: yes
    Fortify Source functions: yes
    Read-only relocations: yes
    Immediate binding: yes
  however, without hardening-wrapper applied, it looks like:
    /usr/sbin/amavisd-milter:
    Position Independent Executable: no, normal executable!
    Stack protected: yes
    Fortify Source functions: yes
    Read-only relocations: yes
    Immediate binding: no, not found!

  ProblemType: Bug
  DistroRelease: Ubuntu 11.04
  Package: amavisd-milter 1.5.0-2
  ProcVersionSignature: Ubuntu 2.6.38-8.42-server 2.6.38.2
  Uname: Linux 2.6.38-8-server x86_64
  Architecture: amd64
  Date: Thu Apr 21 17:48:50 2011
  InstallationMedia: Ubuntu-Server 11.04 "Natty Narwhal" - Alpha amd64 (20110211)
  ProcEnviron:
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: amavisd-milter
  UpgradeStatus: No upgrade log present (probably fresh install)

More information about the Ubuntu-sponsors mailing list