F22 System Wide Change: Harden all packages with position-independent code
Florian Weimer
fweimer at redhat.com
Mon Jan 19 12:59:32 UTC 2015
On 01/19/2015 01:41 PM, Jakub Jelinek wrote:
> On Mon, Jan 19, 2015 at 01:37:29PM +0100, Florian Weimer wrote:
>> On 01/19/2015 01:15 PM, Jakub Jelinek wrote:
>>
>>> No, because you need GCC 5 for that (ok, have scratch rpms now for that),
>>> and very recent binutils (2.25 we have in F22 is not enough).
>>
>> Ugh, this seems to suggest to defer the PIE change to Fedora 23. :-(
>
> As F22 mass rebuild has been denied by FESCO, that is given anyway.
Meh, okay.
>> Would it still make sense to proceed with SSE2 and the off_t/ino_t change?
>
> -msse2 is discussion whether it is worth it. In RHEL7 we default to that,
> but in Fedora, given the whole i?86 port is kind of legacy/obsolete now
> anyway, it might be undesirable.
Well, unless there are testers who run Fedora on non-SSE2 hardware, it's
very likely broken these days anyway.
> And, making _FILE_OFFSET_BITS=64 the default? How do you turn it off?
In general, you don't. :-) But you could define it to 32 instead.
> It
> is an ABI change. IMHO very much undesirable. Just complain to people that
> build their packages without it where it matters.
Some core libraries use off_t or struct stat in public header files, so
we already have the ABI problem. Paul Eggert did some review and thinks
that 64-bit-by-default fixes more things than it breaks:
<https://sourceware.org/ml/libc-alpha/2014-03/msg00670.html>
In addition, <selinux/selinux.h> contains this gem:
extern int matchpathcon_filespec_add(ino_t ino, int specind, const char *file);
--
Florian Weimer / Red Hat Product Security
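
Added example, not part of the original message: a small C model of what happens on i386 when a caller built with `_FILE_OFFSET_BITS=64` calls a function with the prototype quoted above in a library built with 32-bit `ino_t`. The stack-slot model, the `caller_*` and `callee_ino32` names, and the sample values are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Model (assumption): i386 cdecl passes arguments in 4-byte stack slots,
 * first argument lowest; a 64-bit integer takes two slots, low word first.
 * Pointers are 32 bits on that target, so uint32_t stands in for them. */
enum { SLOTS = 4 };

struct callee_view { uint32_t ino; int32_t specind; uint32_t file; };

/* Caller compiled with _FILE_OFFSET_BITS=64: ino_t is 64 bits wide. */
static void caller_ino64(uint32_t s[SLOTS], uint64_t ino, int32_t specind, uint32_t file)
{
    s[0] = (uint32_t)ino;          /* low half of the inode number  */
    s[1] = (uint32_t)(ino >> 32);  /* high half of the inode number */
    s[2] = (uint32_t)specind;
    s[3] = file;
}

/* Caller compiled without it: ino_t is 32 bits wide. */
static void caller_ino32(uint32_t s[SLOTS], uint32_t ino, int32_t specind, uint32_t file)
{
    s[0] = ino;
    s[1] = (uint32_t)specind;
    s[2] = file;
    s[3] = 0;
}

/* Library compiled with 32-bit ino_t: reads (ino, specind, file) from the
 * first three slots, whatever the caller actually placed there. */
static struct callee_view callee_ino32(const uint32_t s[SLOTS])
{
    struct callee_view v = { s[0], (int32_t)s[1], s[2] };
    return v;
}

int main(void)
{
    uint32_t s[SLOTS];
    /* Constructed sample values: inode 2^32 + 2, specind 7, a fake pointer. */
    caller_ino64(s, 0x100000002ULL, 7, 0x0804a000u);
    struct callee_view v = callee_ino32(s);
    printf("mixed build:   ino=%u specind=%d file=0x%x\n", v.ino, v.specind, v.file);
    caller_ino32(s, 2, 7, 0x0804a000u);
    v = callee_ino32(s);
    printf("matched build: ino=%u specind=%d file=0x%x\n", v.ino, v.specind, v.file);
    return 0;
}
```

In the mixed build the callee sees the truncated inode, takes the inode's high word as `specind`, and takes `specind` as the `file` pointer, which is why a type like `ino_t` in a public prototype ties the library's ABI to the caller's `_FILE_OFFSET_BITS` setting.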