_hardened_build not affecting libtool-compiled libraries
Richard W.M. Jones
rjones at redhat.com
Mon Jun 24 18:46:09 UTC 2013
Here's the problem (found by Björn Esser):
and then later on:
So it seems as if _hardened_build for some reason doesn't work for
libtool-compiled libraries. It does look as if the correct CFLAGS and
LDFLAGS are getting to the build. See for example:
but the plugins from that build are not hardened fully:
$ hardening-check ./usr/lib64/nbdkit/plugins/nbdkit-example1-plugin.so
Position Independent Executable: no, regular shared library (ignored)
Stack protected: no, not found!
Fortify Source functions: no, only unprotected functions found!
Read-only relocations: yes
Immediate binding: yes
Also we had to add an LDFLAGS hack into the %build section to even get
Any ideas? Is this a bug or how it should be?
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
libguestfs lets you edit virtual machines. Supports shell scripting,
bindings from many languages. http://libguestfs.org
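
Added example, not part of the original message: a small Python gate that parses the hardening-check report quoted above and lists the checks that did not pass, skipping results the tool itself marks "(ignored)". The function names are hypothetical, and the embedded report is the output shown in the message.

```python
import re

# Report text as quoted in the message above (nbdkit example plugin).
REPORT = """\
Position Independent Executable: no, regular shared library (ignored)
Stack protected: no, not found!
Fortify Source functions: no, only unprotected functions found!
Read-only relocations: yes
Immediate binding: yes
"""

# "<check name>: <verdict>[, <detail>]"; lines without a verdict word
# (shell prompts, file-name headers) do not match and are skipped.
LINE = re.compile(
    r"^\s*(?P<check>[^:]+):\s*(?P<verdict>\w+)\b[,\s]*(?P<detail>.*)$"
)


def parse_report(text):
    """Return {check name: (verdict, detail)} for each result line."""
    results = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            results[m["check"].strip()] = (m["verdict"], m["detail"].strip())
    return results


def failing_checks(text):
    """Names of checks whose verdict is not 'yes'.

    Results the tool marks '(ignored)' are not counted, e.g. the PIE
    check on a regular shared library.
    """
    return [
        name
        for name, (verdict, detail) in parse_report(text).items()
        if verdict != "yes" and "(ignored)" not in detail
    ]


if __name__ == "__main__":
    for name in failing_checks(REPORT):
        print("NOT HARDENED:", name)
```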