[Bug 768713] Re: amavisd-milter is no longer built w/PIE and BINDNOW hardening

Steve Beattie sbeattie at ubuntu.com
Fri Apr 22 16:19:58 UTC 2011 

Patch forwarded to Debian.

** Bug watch added: Debian Bug tracker #623740
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=623740

** Also affects: amavisd-milter (Debian) via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=623740
   Importance: Unknown
       Status: Unknown

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is a direct subscriber.
https://bugs.launchpad.net/bugs/768713

Title:
  amavisd-milter is no longer built w/PIE and BINDNOW hardening

Status in “amavisd-milter” package in Ubuntu:
  Fix Released
Status in “amavisd-milter” source package in Natty:
  Fix Released
Status in “amavisd-milter” package in Debian:
  Unknown

Bug description:
  Binary package hint: amavisd-milter

  In maverick and and earlier, amavisd-new-milter was built with the PIE
  and BINDNOW hardening options (see
  https://wiki.ubuntu.com/Security/HardeningWrapper and
  http://wiki.debian.org/Hardening). With the replacement of amavisd-
  new-milter by amavisd-milter, this hardening protection is gone.

  To reproduce:
  1) grab the hardening_check script from http://bazaar.launchpad.net/~ubuntu-bugcontrol/qa-regression-testing/master/view/head:/scripts/built-binaries/hardening-check
  2) unpack via dpkg-deb -x or install amavsid-milter
  3) run the hardening-check script on (EXTRACTEDPATH)/usr/sbin/amavisd-milter
  4) output should look like:
    /usr/sbin/amavisd-milter:
    Position Independent Executable: yes
    Stack protected: yes
    Fortify Source functions: yes
    Read-only relocations: yes
    Immediate binding: yes
  however, without hardening-wrapper applied, it looks like:
    /usr/sbin/amavisd-milter:
    Position Independent Executable: no, normal executable!
    Stack protected: yes
    Fortify Source functions: yes
    Read-only relocations: yes
    Immediate binding: no, not found!

  ProblemType: Bug
  DistroRelease: Ubuntu 11.04
  Package: amavisd-milter 1.5.0-2
  ProcVersionSignature: Ubuntu 2.6.38-8.42-server 2.6.38.2
  Uname: Linux 2.6.38-8-server x86_64
  Architecture: amd64
  Date: Thu Apr 21 17:48:50 2011
  InstallationMedia: Ubuntu-Server 11.04 "Natty Narwhal" - Alpha amd64 (20110211)
  ProcEnviron:
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: amavisd-milter
  UpgradeStatus: No upgrade log present (probably fresh install)

More information about the Ubuntu-sponsors mailing list