[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#756906: marked as done (nfs-utils: please use more hardening features)



Your message dated Sat, 22 Jan 2022 19:33:45 +0000
with message-id <E1nBM8v-0008Af-MV@fasolo.debian.org>
and subject line Bug#756906: fixed in nfs-utils 1:2.6.1-1~exp1
has caused the Debian Bug report #756906,
regarding nfs-utils: please use more hardening features
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
756906: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756906
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: nfs-common
Version: 1:1.2.8-7
Severity: wishlist


Hi,

according to the checksec.sh script, binaries provided by nfs-utils 
are not compiled with all available hardening features:

RELRO           STACK CANARY      NX            PIE             RPATH      RUNPATH      FILE
No RELRO        No canary found   NX enabled    No PIE          No RPATH   No RUNPATH   /sbin/rpc.statd
Partial RELRO   No canary found   NX enabled    No PIE          No RPATH   No RUNPATH   /usr/sbin/rpc.gssd
No RELRO        No canary found   NX enabled    No PIE          No RPATH   No RUNPATH   /usr/sbin/rpc.idmapd
Partial RELRO   No canary found   NX enabled    No PIE          No RPATH   No RUNPATH   /usr/sbin/rpc.svcgssd

Since those daemons are potentially exposed to untrusted network traffic, 
could you please compile the package with more hardening features ?


-- 
Laurent.

--- End Message ---
--- Begin Message ---
Source: nfs-utils
Source-Version: 1:2.6.1-1~exp1
Done: Salvatore Bonaccorso <carnil@debian.org>

We believe that the bug you reported is fixed in the latest version of
nfs-utils, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 756906@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated nfs-utils package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 22 Jan 2022 20:16:02 +0100
Source: nfs-utils
Architecture: source
Version: 1:2.6.1-1~exp1
Distribution: experimental
Urgency: medium
Maintainer: Debian kernel team <debian-kernel@lists.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 756906
Changes:
 nfs-utils (1:2.6.1-1~exp1) experimental; urgency=medium
 .
   [ Romain Perier ]
   * debian/rules: Modernize the packaging rules
     - Standard compiler flags are now used (Closes: #756906)
   * debian/control: No longer depends on dh-autoreconf
 .
   [ Ben Hutchings ]
   * lintian: Refresh lintian-overrides
   * d/control: Make nfs-kernel-server directly Recommend python3, as
     lintian wants
   * d/control: Reduce priority of libnfsidmap1 to optional as well
   * Fix man page syntax errors
   * d/control: Add debhelper-generated Pre-Depends to nfs-common
   * d/control: Use my debian.org email in Uploaders field
   * tests: Skip test if /dev/log is missing
   * d/salsa-ci.yml: Add CI configuration for salsa.debian.org
 .
   [ Salvatore Bonaccorso ]
   * debian/control: Use the debhelper-compat notation and drop debian/compat
     file
   * New upstream version 2.6.1
Checksums-Sha1: 
 ac9e82d4eab8273d4102334c90598628b895471d 2585 nfs-utils_2.6.1-1~exp1.dsc
 dfeae5f73683e10c301a4aea45fcb096ef94c26c 701232 nfs-utils_2.6.1.orig.tar.xz
 d1183d93c42a7b295c89b2b4e55863ff3d8b7e49 47312 nfs-utils_2.6.1-1~exp1.debian.tar.xz
Checksums-Sha256: 
 5fc7c081df88464fe385e1f37c5632be67fac65abd90ceb158013b3705b0c7f0 2585 nfs-utils_2.6.1-1~exp1.dsc
 60dfcd94a9f3d72a12bc7058d811787ec87a6d593d70da2123faf9aad3d7a1df 701232 nfs-utils_2.6.1.orig.tar.xz
 7c19d78db9b04f14667779851d56cec02c9eede18ab00a70c270f32de54f7b1d 47312 nfs-utils_2.6.1-1~exp1.debian.tar.xz
Files: 
 5edd2276ef26569ee5e1e51cc4d1c61d 2585 net optional nfs-utils_2.6.1-1~exp1.dsc
 43445a3563185963b736a7081979fd08 701232 net optional nfs-utils_2.6.1.orig.tar.xz
 6646369d919f9925a1babf586e6262fa 47312 net optional nfs-utils_2.6.1-1~exp1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmHsWI5fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EsmYP/0uz94L4JaFQOu76L8ZV6la49y9uVEeu
mYqqESir5XVzVNn7OWIyhsVoF1V3nLfIZS68n6lppytyPoiSjWSgPdVGt+OaoGub
HvRXbegqWg2o/HTtpnUyKYa3OjQYpysNrKAzCSIfNR6UTRtjrh/VG8wdCfwfh71p
mvuPv9xfYhVd7oMLAAOGOHhB30Hod2H6QOdo0hcUraT3U/mgzca83yh9SmW6pwR8
spkqjJW+1a4Kd0fAU01VPEeqzzXF2FnmM7NHDOpy7qP0SfWTHFtB/Xg4MjevWogn
tFCCugbZJJuuBqZeNuKQKoEnli6LGKHc1sdK7e37VJSeYzo3plP5PFbs96v3ySbE
0J+J67DbY/ITKopaxY2vkpLlmfLWqmh86Who77fcDTcN3tT6R74KvCyNXsTp/2zy
kwoeCykHxuf1B9H/4f8KvxjNoJxv+qCf+7zjIuOWCR7mSifc8D9IPff+hf5S9Xj2
iG8FbUFV4ii2u5eFuGrxBD39o0fMPD6SAwsFAw0DRxe6+q0j/8f0n4tIa3Re7U9W
6JpJmAmaoHAFP2ZX3Pcujk6LJoSzq/BEyprnm2K131V/tWkKM5BFU1SvFeyYber9
0kYKY1pDiQP2wJdpRLbrBBb6Kfz+GYinAV5RZmPCH6nky1PiMJaMowGfFF+PqTlp
JAbfdDVtkW0f
=HjQ2
-----END PGP SIGNATURE-----

--- End Message ---

Reply to: