hardening breaks X.org
Moez Roy
moez.roy at gmail.com
Mon Mar 2 03:15:19 UTC 2015
On Sun, Mar 1, 2015 at 5:16 PM, David Airlie <airlied at redhat.com> wrote:
> So the rebuild to use hardened builds by default in rawhide, broke X.org.
>
> Thanks guys, my system is more secure, but I can't run any apps.
>
> Anyways enough snark from me, the problem seems to be that hardening
> makes bind now override RTLD_LAZY options, and the X server relies
> on the RTLD_LAZY on its drivers being lazy.
>
> So should I
>
> a) turn off hardened builds for all Xorg server/driver packages?
>
> b) or is there a way to get partial relro back?
>
> Dave.
> --
> devel mailing list
> devel at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/devel
> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
In RHEL 7.1 beta I see in the changelog:
2014-09-17 Adam Jackson <ajax at redhat.com> 1.15.0-27
- Link Xorg as a PIE
and
2014-02-25 Adam Jackson <ajax at redhat.com> 1.15.0-6
- Fix dist tag
- Link Xorg with -z now
>From the src.rpm I found this patch:
>From 58f5196a02b2fea360a35e2ea7046a320aca2b4e Mon Sep 17 00:00:00 2001
From: Adam Jackson <ajax at redhat.com>
Date: Mon, 27 Jun 2011 11:21:23 -0400
Subject: [PATCH 01/15] link with -z now
Signed-off-by: Adam Jackson <ajax at redhat.com>
---
hw/xfree86/Makefile.am | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/hw/xfree86/Makefile.am b/hw/xfree86/Makefile.am
index c3899b5..9e422f2 100644
--- a/hw/xfree86/Makefile.am
+++ b/hw/xfree86/Makefile.am
@@ -67,7 +67,7 @@ Xorg_LDADD = \
$(XSERVER_SYS_LIBS)
Xorg_DEPENDENCIES = $(LOCAL_LIBS)
-Xorg_LDFLAGS = $(LD_EXPORT_SYMBOLS_FLAG)
+Xorg_LDFLAGS = $(LD_EXPORT_SYMBOLS_FLAG) -Wl,-z,now -pie
BUILT_SOURCES = xorg.conf.example
DISTCLEANFILES = xorg.conf.example
--
1.7.7.6
More information about the devel
mailing list