F22 System Wide Change: Harden all packages with position-independent code
Florian Weimer
fweimer at redhat.com
Wed Jan 21 08:25:03 UTC 2015
On 01/19/2015 02:22 PM, Jakub Jelinek wrote:
> On Mon, Jan 19, 2015 at 01:59:32PM +0100, Florian Weimer wrote:
>>> It is an ABI change. IMHO very much undesirable. Just complain to people that
>>> build their packages without it where it matters.
>>
>> Some core libraries use off_t or struct stat in public header files, so we
>> already have the ABI problem. Paul Eggert did some review and thinks that
>> 64-bit-by-default fixes more things than it breaks:
>>
>> <https://sourceware.org/ml/libc-alpha/2014-03/msg00670.html>
>>
>> In addition, <selinux/selinux.h> contains this gem:
>>
>> extern int matchpathcon_filespec_add(ino_t ino, int specind, const char *file);
>
> Yeah, perhaps some packages do bogus and unsafe things. But by changing
> _FILE_OFFSET_BITS, you change it silently for everything. C++ functions
> using ino_t/off_t etc. will not link anymore, ...
> You'd need to bump SONAME of all the affected shared libraries, etc.
>
> IMNSHO you can do this kind of change in a new port, but not afterwards.

That was my initial reaction back then as well, but after Paul Eggert's
analysis, I'm not so sure anymore. We already have quite a bit of
breakage, but maybe it is restricted to corner cases only.
--
Florian Weimer / Red Hat Product Security
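
An added illustration (not part of this message or the thread) of the ABI problem discussed above: a public struct containing `off_t` changes layout when the caller and the library disagree on `_FILE_OFFSET_BITS`. The struct and function names are hypothetical, and fixed-width integers stand in for the two `off_t` widths of a 32-bit target.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical public header content: struct rec { off_t size; int flags; };
 * The two models pin off_t's width explicitly, the way _FILE_OFFSET_BITS
 * selects it on a 32-bit glibc target. */
struct rec_off32 { int32_t size; int32_t flags; }; /* library, macro unset */
struct rec_off64 { int64_t size; int32_t flags; }; /* caller, macro = 64   */

/* Library side: interprets the caller's bytes with its own 32-bit layout. */
static int32_t lib_read_flags(const void *p)
{
    struct rec_off32 r;
    memcpy(&r, p, sizeof r);
    return r.flags;
}

/* Caller side: fills the struct with the 64-bit layout, passes it to the
 * library, and returns the flags value the library ends up reading. */
static int32_t flags_seen_by_library(int64_t size, int32_t flags)
{
    struct rec_off64 r;
    memset(&r, 0, sizeof r);
    r.size = size;
    r.flags = flags;
    return lib_read_flags(&r);
}

int main(void)
{
    /* Constructed sample: both 32-bit halves of size are 7, so the value
     * the library misreads is the same on little- and big-endian hosts. */
    int64_t size = 0x0000000700000007LL;
    int32_t seen = flags_seen_by_library(size, 0x55);

    printf("flags offset: lib=%zu caller=%zu\n",
           offsetof(struct rec_off32, flags),
           offsetof(struct rec_off64, flags));
    printf("caller wrote flags=0x55, library read flags=0x%x\n",
           (unsigned)seen);
    return 0;
}
```

Nothing fails at link time here: the library reads half of `size` as `flags` without any diagnostic, which is the silent kind of mismatch the thread is concerned with.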