the checksec script available at https://github.com/slimm609/checksec.sh is able to scan an elf through scanelf/readelf and report the hardening and/or the security status.
If the check goes well it is printed green, otherwise it is red.
While scanning some file provided by openrc, it prints the error about RUNPATH:
# sh checksec --file /bin/rc-status
RELRO STACK CANARY NX PIE RPATH RUNPATH FORTIFY Fortified Fortifiable FILE
Partial RELRO No canary found NX enabled No PIE No RPATH RUNPATH No 0 4 /bin/rc-status
The runpath issue comes up if the following contents exist:
# readelf -d /bin/rc-status | grep runpath
0x000000000000001d (RUNPATH) Library runpath: [/lib64]
While I try to scan other executables I didn't get anything.
I didn't investigate deeply; can you clarify if this is something that we can report?
CC'ing hardened team if they know something about.