Bug#509135: please enable PIE during configure
On Thu, Dec 18, 2008 at 04:53:08PM -0800, Kees Cook wrote: On Thu, Dec 18, 2008 at 04:39:01PM -0800, Steve Langasek wrote: On Thu, Dec 18, 2008 at 10:51:28AM -0800, Kees Cook wrote: Hello! Please enable PIE support in the build, since this is correctly handled in the upstream build scripts (and is an upstream default). This gains a measure of additional security on kernels that randomize relocatable program segments. Bug #346416 is the reason this was disabled in the first place. That should be a bug in gdb, not in samba. Bug 346409 is open with a patch to handle PIE. Sure; but the ability to get meaningful backtraces out of samba was considered more important in the near term. Does gdb handle PIE better these days? Currently Debian's gdb does not handle PIE. The above bug, if closed, would solve this. Ok, then I think this bug unfortunately should be 'wontfix' until the gdb bug is addressed. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developerhttp://www.debian.org/ slanga...@ubuntu.com vor...@debian.org -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#509135: [Pkg-samba-maint] Bug#509135: please enable PIE during configure
Quoting Steve Langasek (vor...@debian.org): Currently Debian's gdb does not handle PIE. The above bug, if closed, would solve this. Ok, then I think this bug unfortunately should be 'wontfix' until the gdb bug is addressed. Wouldn't that be a good use case for block foo by bar? signature.asc Description: Digital signature
Bug#509135: [Pkg-samba-maint] Bug#509135: please enable PIE during configure
block 509135 by 346409 thanks On Fri, Dec 19, 2008 at 06:54:31PM +0100, Christian Perrier wrote: Quoting Steve Langasek (vor...@debian.org): Currently Debian's gdb does not handle PIE. The above bug, if closed, would solve this. Ok, then I think this bug unfortunately should be 'wontfix' until the gdb bug is addressed. Wouldn't that be a good use case for block foo by bar? Yes, yes it would! :) -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developerhttp://www.debian.org/ slanga...@ubuntu.com vor...@debian.org -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#509135: please enable PIE during configure
Package: samba Version: 2:3.2.5-2 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu jaunty ubuntu-patch Hello! Please enable PIE support in the build, since this is correctly handled in the upstream build scripts (and is an upstream default). This gains a measure of additional security on kernels that randomize relocatable program segments. Thanks, -Kees -- Kees Cook@debian.org diff -u samba-3.2.5/debian/rules samba-3.2.5/debian/rules --- samba-3.2.5/debian/rules +++ samba-3.2.5/debian/rules @@ -32,7 +32,6 @@ --with-fhs \ --enable-shared \ --enable-static \ - --disable-pie \ --prefix=/usr \ --sysconfdir=/etc \ --libdir=/usr/lib/samba \
Bug#509135: please enable PIE during configure
On Thu, Dec 18, 2008 at 10:51:28AM -0800, Kees Cook wrote: Package: samba Version: 2:3.2.5-2 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu jaunty ubuntu-patch Hello! Please enable PIE support in the build, since this is correctly handled in the upstream build scripts (and is an upstream default). This gains a measure of additional security on kernels that randomize relocatable program segments. Bug #346416 is the reason this was disabled in the first place. Does gdb handle PIE better these days? -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developerhttp://www.debian.org/ slanga...@ubuntu.com vor...@debian.org -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#509135: please enable PIE during configure
Hi, On Thu, Dec 18, 2008 at 04:39:01PM -0800, Steve Langasek wrote: On Thu, Dec 18, 2008 at 10:51:28AM -0800, Kees Cook wrote: Hello! Please enable PIE support in the build, since this is correctly handled in the upstream build scripts (and is an upstream default). This gains a measure of additional security on kernels that randomize relocatable program segments. Bug #346416 is the reason this was disabled in the first place. That should be a bug in gdb, not in samba. Bug 346409 is open with a patch to handle PIE. Does gdb handle PIE better these days? Currently Debian's gdb does not handle PIE. The above bug, if closed, would solve this. -- Kees Cook@debian.org -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org