Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 607822 - sys-apps/openrc: runpath issue
Summary: sys-apps/openrc: runpath issue
Status: CONFIRMED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Auditing (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security Audit Team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-01-31 16:05 UTC by Agostino Sarubbo
Modified: 2017-01-31 16:05 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2017-01-31 16:05:55 UTC
Dear Auditors,

the checksec script available at https://github.com/slimm609/checksec.sh is able to scan an elf through scanelf/readelf and report the hardening and/or the security status.

If the check goes well it is printed green, otherwise it is red.

While scanning some file provided by openrc, it prints the error about RUNPATH:

# sh checksec --file /bin/rc-status 
RELRO           STACK CANARY      NX            PIE             RPATH      RUNPATH      FORTIFY Fortified Fortifiable  FILE
Partial RELRO   No canary found   NX enabled    No PIE          No RPATH   RUNPATH      No      0               4       /bin/rc-status

The runpath issue comes up if the following contents exist:

# readelf -d /bin/rc-status  | grep runpath
 0x000000000000001d (RUNPATH)            Library runpath: [/lib64]

While I try to scan other executables I didn't get anything.


I didn't investigate deeply; can you clarify if this is something that we can report?

CC'ing hardened team if they know something about.