Summary/Minutes from today's FESCo meeting (2011-05-11)

Petr Pisar ppisar at redhat.com
Thu May 12 14:26:54 UTC 2011


On 2011-05-11, Kevin Fenzi <kevin at scrye.com> wrote:
>
> * #563 suggested policy: all daemons must set RELRO and PIE flags
>   (nirik, 17:35:15)
>   * AGREED: will enable them both by default in rawhide and see if we
>     run into issues.  (nirik, 17:39:26)
>

Hm, right now I found a problem caused by enabling PIE in an application.
It's about edquota segfaulting in nss_db (bug #703567):

edquota has global non-static variable `dirname'. edquota calls libc
getpwnam(), getpwnam dlopens nss_db, nss_db calls libc dirname(). But
because edquota is PIE, the dirname symbol is made dynamic and visible
in symbol table. Then dynamic linker prefers dirname from edquota and
nss_db jumps on address of edquota dirname variable. Ooops.

One could say mark all global objects and functions as static. But this
is a lot of code to change and there still remain symbols that must be
made accessible from other object files. I guess dynamic linking with
PIE executables will pollute name space outrageously.

-- Petr
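
Added example, not part of the original message: a check for the collision described above, where an executable exports a data symbol under the same name as a function a shared library defines. It parses `readelf --dyn-syms -W` output for both objects and reports names defined in both with different types; the sample dumps, addresses and helper names are constructed for illustration.

```python
import re

# One row of `readelf --dyn-syms -W`: Num: Value Size Type Bind Vis Ndx Name
ROW = re.compile(
    r"^\s*\d+:\s+[0-9a-fA-F]+\s+\S+\s+(\S+)\s+(\S+)\s+\S+\s+(\S+)\s+(\S+)"
)

# Constructed sample: dynamic symbols of a PIE executable with a global `dirname` buffer.
EXE_DYNSYM = """\
   Num:    Value          Size Type    Bind   Vis      Ndx Name
     1: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND getpwnam@GLIBC_2.2.5 (2)
     2: 0000000000204060  4096 OBJECT  GLOBAL DEFAULT   25 dirname
     3: 0000000000001a30    52 FUNC    GLOBAL DEFAULT   13 main
"""

# Constructed sample: two rows from a libc dynamic symbol table.
LIBC_DYNSYM = """\
   Num:    Value          Size Type    Bind   Vis      Ndx Name
   812: 000000000008e2f0   158 FUNC    GLOBAL DEFAULT   12 dirname@@GLIBC_2.2.5
   977: 00000000000b2c10   412 FUNC    GLOBAL DEFAULT   12 getpwnam@@GLIBC_2.2.5
"""


def defined_symbols(readelf_text):
    """Map name -> type for GLOBAL/WEAK symbols that this object defines."""
    symbols = {}
    for line in readelf_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header lines and rows without a name
        sym_type, bind, ndx, name = m.groups()
        if ndx == "UND" or bind not in ("GLOBAL", "WEAK"):
            continue  # imports and local symbols cannot interpose
        symbols[name.split("@")[0]] = sym_type  # drop the @@VERSION suffix
    return symbols


def interposition_risks(exe_text, lib_text):
    """Names the executable exports that the library defines with another type."""
    exe, lib = defined_symbols(exe_text), defined_symbols(lib_text)
    return sorted(
        (name, exe[name], lib[name])
        for name in exe.keys() & lib.keys()
        if exe[name] != lib[name]
    )


if __name__ == "__main__":
    for name, exe_type, lib_type in interposition_risks(EXE_DYNSYM, LIBC_DYNSYM):
        print(f"{name}: executable exports {exe_type}, library defines {lib_type}")
```
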


