_hardened_build not affecting libtool-compiled libraries
Miloslav Trmač
mitr at volny.cz
Mon Jun 24 19:13:29 UTC 2013
On Mon, Jun 24, 2013 at 8:46 PM, Richard W.M. Jones <rjones at redhat.com> wrote:
> but the plugins from that build are not hardened fully:
Isn't it possible that the plugins are just so trivial that there were
no opportunities for hardening?
> $ hardening-check ./usr/lib64/nbdkit/plugins/nbdkit-example1-plugin.so
> ./usr/lib64/nbdkit/plugins/nbdkit-example1-plugin.so:
> Position Independent Executable: no, regular shared library (ignored)
> Stack protected: no, not found!
No on-stack arrays that I can find.
> Fortify Source functions: no, only unprotected functions found!
I can see libc calls with compile-time-known destination sizes except
for example1_load () where it can be statically proven the call is
safe.
Mirek
More information about the devel
mailing list