Harden_all_packages_with_position-independent_code + guile modules
Tom Hughes
tom at compton.nu
Thu Mar 12 14:49:03 UTC 2015
On 12/03/15 14:41, Adam Jackson wrote:
> On Thu, 2015-03-12 at 13:45 +0000, Petr Pisar wrote:
>>
>> However I can add my recent story: After hardening perl, loading a DSO
>> by perl failed. I believe the reason was the DSO had an undefined symbol
>> which was not defined in any SO_NEEDed libraries. But because the symbol
>> was never used at run-time, before hardening the executable, run-time
>> linking passed. But after hardening, the -znow feature caused resolving
>> all symbols at link time, including the missing symbol, so dlopen(3)
>> failed.
>
> We may want to revisit this, honestly. The actual proposal was just to
> build executables as PIE, right? Forcing -z now is a bit more than
> maybe was expected.
On top of which there seems, despite a number of questions posted here
since the change went live, very little assistance from the proposal
owners with fixing packages that have been broken by it.
Tom
--
Tom Hughes (tom at compton.nu)
http://compton.nu/
More information about the devel
mailing list