Bug 46569

Summary: Respect SUID_CFLAGS and SUID_LDFLAGS for suid binaries
Product: PolicyKit Reporter: Vincent Untz <vuntz>
Component: daemonAssignee: David Zeuthen (not reading bugmail) <zeuthen>
Status: RESOLVED FIXED QA Contact: David Zeuthen (not reading bugmail) <zeuthen>
Severity: normal    
Priority: medium CC: walters
Version: unspecified   
Hardware: Other   
OS: All   
Whiteboard:
i915 platform: i915 features:
Attachments: polkitagent, pkexec: Respect SUID_CFLAGS and SUID_LDFLAGS

Description Vincent Untz 2012-02-24 04:21:45 UTC 
This is a good way for distributors to use -fPIE/-pie, and that's what is used for util-linux for instance.
Comment 1 Vincent Untz 2012-02-24 04:22:37 UTC 
Created attachment 57584 [details] [review]
polkitagent, pkexec: Respect SUID_CFLAGS and SUID_LDFLAGS
Comment 2 David Zeuthen (not reading bugmail) 2012-02-24 04:35:28 UTC 
I've never heard about this. Is this a SUSE-thing or something standardized?
Comment 3 Vincent Untz 2012-02-24 04:56:11 UTC 
(In reply to comment #2)
> I've never heard about this. Is this a SUSE-thing or something standardized?

-fPIE/-pie or SUID_CFLAGS/SUID_LDFLAGS? :-)

In both cases, no, it's not SUSE specific.

For -fPIE/-pie, see http://wiki.debian.org/Hardening#DEB_BUILD_HARDENING_PIE_.28gcc.2BAC8-g.2B-.2B-_-fPIE_-pie.29 and http://www.linuxfromscratch.org/~manuel/hlfs-book/glibc-2.4/chapter02/pie.html for instance.

For util-linux, well, it's just in git :-)

Note that Fedora uses this feature too: http://pkgs.fedoraproject.org/gitweb/?p=util-linux.git;a=blob_plain;f=util-linux.spec;hb=HEAD
Comment 4 Colin Walters 2013-04-11 17:22:20 UTC 
Looks reasonable to me if it's used in multiple places.  I also added a link in the git commit to this bug (GNOME style).  Pushed to master, thanks!

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.