hardening breaks X.org
David Airlie
airlied at redhat.com
Mon Mar 2 03:18:15 UTC 2015
----- Original Message -----
> From: "Moez Roy" <moez.roy at gmail.com>
> To: "Development discussions related to Fedora" <devel at lists.fedoraproject.org>
> Cc: "David Airlie" <airlied at redhat.com>, "Adam Jackson" <ajax at redhat.com>, "Till Maas" <opensource at till.name>
> Sent: Monday, 2 March, 2015 1:15:19 PM
> Subject: Re: hardening breaks X.org
>
> On Sun, Mar 1, 2015 at 5:16 PM, David Airlie <airlied at redhat.com> wrote:
> > So the rebuild to use hardened builds by default in rawhide, broke X.org.
> >
> > Thanks guys, my system is more secure, but I can't run any apps.
> >
> > Anyways enough snark from me, the problem seems to be that hardening
> > makes bind now override RTLD_LAZY options, and the X server relies
> > on the RTLD_LAZY on its drivers being lazy.
> >
> > So should I
> >
> > a) turn off hardened builds for all Xorg server/driver packages?
> >
> > b) or is there a way to get partial relro back?
> >
> > Dave.
> > --
> > devel mailing list
> > devel at lists.fedoraproject.org
> > https://admin.fedoraproject.org/mailman/listinfo/devel
> > Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
>
> In RHEL 7.1 beta I see in the changelog:
>
> 2014-09-17 Adam Jackson <ajax at redhat.com> 1.15.0-27
> - Link Xorg as a PIE
>
> and
>
> 2014-02-25 Adam Jackson <ajax at redhat.com> 1.15.0-6
> - Fix dist tag
> - Link Xorg with -z now
>
>
This works fine for the X server itself, since its not a shared library.
However the drivers can't use -z now, that new flags forced this on everywhere.
Dave.
More information about the devel
mailing list