Downgrade suid w/o PIE from error to warning
Some languages (such as Hare) do not support position-independent executables. Such cases require extra care and scrutiny, but should not be entirely disallowed.
This commit is contained in:
Drew DeVault
parent
3ee93ea8bc
commit
1571e2887e
|
|
@ -833,9 +833,9 @@ postcheck() {
|
|||
| xargs scanelf --nobanner --etype ET_EXEC \
|
||||
| sed "s|ET_EXEC $dir|\t|")
|
||||
if [ -n "$i" ]; then
|
||||
error "Found non-PIE files that has SUID:"
|
||||
warning "Found non-PIE files that have SUID:"
|
||||
echo "$i"
|
||||
e=1
|
||||
warning "suid executables SHOULD be compiled with PIE if possible"
|
||||
fi
|
||||
# test suid bit on executable
|
||||
if ! options_has "suid"; then
|
||||
|
|
|
|||
Loading…
Reference in New Issue