Source: nginx Version: 1.4.6-1, 1.6.0-1 Originally filed on Launchpad against 1.4.6-1ubuntu3 which is based off of the Debian package 1.4.6. Also confirmed on 1.6.0-1+trusty0 which is in the NGINX Stable PPA and has no changes between it and Debian except a changelog entry for Ubuntu Trusty.
This was the original description of the bug: nginx (1.4.6-1ubuntu3) is not being built with -fPIE -pie. I am running ubuntu 14.04 LTS. I've included the output when scanning apache2 with hardening-check just for comparison purposes. $ hardening-check /usr/sbin/nginx /usr/sbin/nginx: Position Independent Executable: no, normal executable! Stack protected: yes Fortify Source functions: yes (some protected functions found) Read-only relocations: yes Immediate binding: no, not found! $ dpkg -l | grep "nginx-core" ii nginx-core 1.4.6-1ubuntu3 amd64 nginx web/proxy server (core version) $ lsb_release -rd Description: Ubuntu 14.04 LTS Release: 14.04 $ hardening-check /usr/sbin/apache2 /usr/sbin/apache2: Position Independent Executable: yes Stack protected: yes Fortify Source functions: yes (some protected functions found) Read-only relocations: yes Immediate binding: yes -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
