Harden_all_packages_with_position-independent_code + guile modules
Moez Roy
moez.roy at gmail.com
Thu Mar 12 15:39:19 UTC 2015
On Thu, Mar 12, 2015 at 7:49 AM, Tom Hughes <tom at compton.nu> wrote:
> On 12/03/15 14:41, Adam Jackson wrote:
>>
>> On Thu, 2015-03-12 at 13:45 +0000, Petr Pisar wrote:
>>>
>>>
>>> However I can add my recent story: After hardening perl, loading a DSO
>>> by perl failed. I believe the reason was the DSO had an undefined symbol
>>> which was not defined in any SO_NEEDed libraries. But because the symbol
>>> was never used at run-time, before hardening the executable, run-time
>>> linking passed. But after hardening, the -znow feature caused resolving
>>> all symbols at link time, including the missing symbol, so dlopen(3)
>>> failed.
>>
>>
>> We may want to revisit this, honestly. The actual proposal was just to
>> build executables as PIE, right? Forcing -z now is a bit more than
>> maybe was expected.
>
>
> On top of which there seems, despite a number of questions posted here since
> the change went live, very little assistance from the proposal owners with
> fixing packages that have been broken by it.
>
> Tom
>
I believe most of the issues should get resolved on its own after the
mass rebuild of all the packages.
Rel-Eng will do the mass rebuild as soon as they get the green light from Jakub.
I tried suggesting 2 mass rebuilds; 1 mass rebuild of all packages
right now, and another mass rebuild of all the packages 1 month later
when gcc5 becomes more stable, but they said no as it costs too much
resources.
-Moez
More information about the devel
mailing list