On Saturday, 30 March 2024 10:37:44 CEST Richard W.M. Jones wrote:
These are just my thoughts on a Saturday morning. Feedback welcome
of
course.
I find the use of the ifunc attribute is really uncommon at this place. I
would expect it in ffmpeg or some media codecs. In xz it looks like it is only
there to hook in the payload. The software I know normally uses target
cloning.
I think the use of the ifunc attribute should be a red flag. Can't we check
for it with rpmlint and let the security team verify it?
Best regards
Andreas