|
Bugzilla – Full Text Bug Listing |
| Summary: | chromium: setuid binaries need to be position independent | ||
|---|---|---|---|
| Product: | [openSUSE] openSUSE 12.2 | Reporter: | Ludwig Nussel <lnussel> |
| Component: | Other | Assignee: | Forgotten User sM9JzehKpy <forgotten_sM9JzehKpy> |
| Status: | RESOLVED FIXED | QA Contact: | E-mail List <qa-bugs> |
| Severity: | Normal | ||
| Priority: | P5 - None | CC: | security-team |
| Version: | Factory | ||
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Found By: | --- | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
| Bug Depends on: | |||
| Bug Blocks: | 744091 | ||
|
Description
Ludwig Nussel
2012-01-24 15:51:31 UTC
In my test repo, I have resolved this situation for the SUID binary chrome_sandbox. The rpmlint warning has now disappeared. Is this indeed the only binary that requires these flags or should Chromium itself also be compiled with those flags ? Sure, it may make sense to compile chromium itself as pie indeed as it's exposed to untrusted network data. This is an autogenerated message for OBS integration: This bug (743158) was mentioned in https://build.opensuse.org/request/show/102128 Factory / chromium Hi Ludwig,
The indicated SR to Factory would resolve the rpmlint warning on the missing PIE flag for the chrome_sandbox binary.
I have checked out to compile chromium itself also with PIE, but at this moment Google is indicating that compiling with PIE would break remote debugging.
As commented by the chromium development team:
# TODO(rkc): Currently building Chrome with the PIE flag causes
# remote debugging to break (remote debugger does not get correct
# section header offsets hence causing all symbol handling to go
# kaboom). See crosbug.com/15266
This is an autogenerated message for OBS integration: This bug (743158) was mentioned in https://build.opensuse.org/request/show/102152 12.1 / chromium |