Harden_all_packages_with_position-independent_code + guile modules

Adam Jackson ajax at redhat.com
Thu Mar 12 14:41:49 UTC 2015


On Thu, 2015-03-12 at 13:45 +0000, Petr Pisar wrote:
> On 2015-03-12, Nikos Mavrogiannopoulos <nmav at redhat.com> wrote:
> > In rawhide building the gnutls guile bindings fails, and that's related
> > to the new hardening flags being enabled with [0]. The failure is quite
> > peculiar since the loading of a dynamic module fails [1] which already
> > is position independent.
> [...]
> >
> > [1]. https://bugzilla.redhat.com/show_bug.cgi?id=1196556
> >
> The test-suite.log reads "file not found" which is far from "loading DSO
> failed".
> 
> However I can add my recent story: After hardening perl, loading a DSO
> by perl failed. I believe the reason was the DSO had an undefined symbol
> which was not defined in any SO_NEEDed libraries. But because the symbol
> was never used at run-time, before hardening the executable, run-time
> linking passed. But after hardening, the -znow feature caused resolving
> all symbols at link time, including the missing symbol, so dlopen(3)
> failed.

We may want to revisit this, honestly.  The actual proposal was just to
build executables as PIE, right?  Forcing -z now is a bit more than
maybe was expected.

- ajax
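Added example, not part of the original thread or of Fedora's tooling: a small ELF64 dynamic-section reader that reports PIE and BIND_NOW (`-z now`) as two separate properties, which is the distinction the message above draws. The function names `hardening` and `make_elf` are hypothetical, the sample images are constructed in the script, and PIE detection assumes a linker that sets `DF_1_PIE`.

```python
import struct

# ELF constants (from the ELF gABI and glibc's <elf.h>).
ET_DYN, PT_DYNAMIC = 3, 2
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW, DF_1_PIE = 0x8, 0x1, 0x08000000

def hardening(elf: bytes) -> dict:
    """Report PIE and BIND_NOW separately for a little-endian ELF64 image."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("not a little-endian ELF64 file")
    e_type, = struct.unpack_from("<H", elf, 16)
    e_phoff, = struct.unpack_from("<Q", elf, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 54)
    flags = flags_1 = 0
    dt_bind_now = False
    for i in range(e_phnum):
        ph = e_phoff + i * e_phentsize
        if struct.unpack_from("<I", elf, ph)[0] != PT_DYNAMIC:
            continue
        p_offset, = struct.unpack_from("<Q", elf, ph + 8)
        p_filesz, = struct.unpack_from("<Q", elf, ph + 32)
        for off in range(p_offset, p_offset + p_filesz, 16):
            tag, val = struct.unpack_from("<qQ", elf, off)
            if tag == DT_NULL:
                break
            if tag == DT_FLAGS:
                flags = val
            elif tag == DT_FLAGS_1:
                flags_1 = val
            elif tag == DT_BIND_NOW:
                dt_bind_now = True
    return {
        # Assumption: the linker marks PIEs with DF_1_PIE; older ones do not.
        "pie": e_type == ET_DYN and bool(flags_1 & DF_1_PIE),
        "bind_now": dt_bind_now or bool(flags & DF_BIND_NOW) or bool(flags_1 & DF_1_NOW),
    }

def make_elf(dyn_entries):
    """Build a constructed, header-only ELF64 sample (not a real binary)."""
    dyn = b"".join(struct.pack("<qQ", t, v) for t, v in dyn_entries + [(DT_NULL, 0)])
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", ET_DYN, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_DYNAMIC, 6, 120, 120, 120, len(dyn), len(dyn), 8)
    return ehdr + phdr + dyn

if __name__ == "__main__":
    print(hardening(make_elf([(DT_FLAGS_1, DF_1_PIE)])))
    print(hardening(make_elf([(DT_FLAGS, DF_BIND_NOW), (DT_FLAGS_1, DF_1_NOW | DF_1_PIE)])))
```

On a real binary, `readelf -d` displays the same `FLAGS` and `FLAGS_1` entries this reader decodes.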


