_hardened_build not affecting libtool-compiled libraries

Miloslav Trma─Ź mitr at volny.cz
Mon Jun 24 19:13:29 UTC 2013


On Mon, Jun 24, 2013 at 8:46 PM, Richard W.M. Jones <rjones at redhat.com> wrote:
> but the plugins from that build are not hardened fully:
Isn't it possible that the plugins are just so trivial that there were
no opportunities for hardening?

>   $ hardening-check ./usr/lib64/nbdkit/plugins/nbdkit-example1-plugin.so
>   ./usr/lib64/nbdkit/plugins/nbdkit-example1-plugin.so:
>    Position Independent Executable: no, regular shared library (ignored)
>    Stack protected: no, not found!
No on-stack arrays that I can find.

>    Fortify Source functions: no, only unprotected functions found!
I can see libc calls with compile-time-known destination sizes except
for example1_load () where it can be statically proven the call is
safe.
    Mirek


More information about the devel mailing list