[Fedora-packaging] RFC mass bug reporting: checksec failures
Alexander Todorov
atodorov at redhat.com
Fri Sep 18 07:52:34 UTC 2015
On 18.09.2015 at 03:15, Steve Grubb wrote:
>
> I think Florian answered this. Indeed, the --debug-dump option does
> find these strings, but they are mixed in with other data. I think that
> if there is no canary and flags were passed, it's not a problem. If the
> flags are absent, the build scripts are suspect.
>
Hi Steve,
thanks for the pointer. I have something which I'm not clear about.
For example:
readelf --debug-dump=info /usr/lib/debug/usr/lib64/libmemtailor.so.0.0.0.debug |
grep "DW_AT_producer"
shows 4 lines where I can clearly see -fstack-protector-strong is used. OTOH
readelf --debug-dump=info /usr/lib/debug/usr/lib64/libmemtailor.so.0.0.0.debug |
grep "Compilation Unit"
gives me 8 lines.
Can you briefly explain (or point me to relevant reading) what is the difference
between the two and if it's OK to grep for the DW_AT_producer lines and look at
the flags there?
Thanks,
Alex
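
Added example, not part of the original message: one way to see which units the "Compilation Unit" and "DW_AT_producer" greps above are each counting is to summarise the readelf output per unit. The function names and the sample dump (offsets, producer strings, and a unit with no DW_AT_producer) are constructed for illustration.

```shell
#!/bin/sh
# Summarise `readelf --debug-dump=info` output per unit instead of
# comparing two independent grep line counts.

# cu_summary: reads readelf output on stdin, prints one line per unit:
#   <offset> <DW_TAG of the unit DIE> <protector|no-flag|no-producer>
cu_summary() {
    awk '
    function emit() {
        if (off == "") return
        if (prod == "") state = "no-producer"
        else if (prod ~ /-fstack-protector/) state = "protector"
        else state = "no-flag"
        print off, tag, state
    }
    /Compilation Unit @ offset/ {
        emit(); off = $NF; sub(/:$/, "", off); tag = "?"; prod = ""; next
    }
    # The first depth-0 DIE names the kind of unit.
    /^ *<0><[0-9a-f]+>:/ && tag == "?" {
        if (match($0, /DW_TAG_[a-z_]+/)) tag = substr($0, RSTART, RLENGTH)
    }
    /DW_AT_producer/ && prod == "" { prod = $0 }
    END { emit() }
    '
}

# Constructed sample input (hypothetical offsets and producer strings).
sample_dump() {
    cat <<'EOF'
  Compilation Unit @ offset 0x0:
   Length:        0x56 (32-bit)
   Version:       4
 <0><b>: Abbrev Number: 1 (DW_TAG_compile_unit)
    <c>   DW_AT_producer    : (indirect string, offset: 0x0): GNU C 4.9.2 -mtune=generic -g -O2 -fstack-protector-strong
  Compilation Unit @ offset 0x5a:
 <0><65>: Abbrev Number: 1 (DW_TAG_partial_unit)
    <66>   DW_AT_stmt_list   : 0x0
  Compilation Unit @ offset 0x90:
 <0><9b>: Abbrev Number: 1 (DW_TAG_compile_unit)
    <9c>   DW_AT_producer    : (indirect string, offset: 0x40): GNU C 4.9.2 -mtune=generic -g -O2
EOF
}

sample_dump | cu_summary
# Against a real file (path taken from the message above):
#   readelf --debug-dump=info /usr/lib/debug/usr/lib64/libmemtailor.so.0.0.0.debug | cu_summary
```

Units reported as no-producer are the ones that make the two grep counts differ; units reported as no-flag are the ones whose build flags need a closer look.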