Hi, On Wed, Jan 06, 2010 at 11:01:01AM +0800, Paul Wise wrote: > On Wed, Jan 6, 2010 at 9:20 AM, Kees Cook <k...@debian.org> wrote: > > > There is a maintained (by RedHat) patch for dealing with PIE. I already > > maintain a delta for this in Ubuntu, but as you can see in the gdb bug, > > the gdb maintainer doesn't want it until it's in upstream. I, obviously, > > think that's ridiculous. PIE works and is useful. Blocking its rollout > > because gdb's support for it isn't upstream just furthers the catch-22. > > It is perfectly reasonable to reject patches until they are upstream. > I personally will never add patches to Debian without either > committing them upstream myself or some indication that they already > have been or will be accepted upstream. IIRC the Debian kernel team > has similar policies. Why hasn't RedHat upstreamed the patch? They are > usually good about doing that. Perhaps you could push them to do so.
Normally, I'd totally agree. I do not know why RedHat has chosen to carry the PIE patches for 5 years[1], but they have. I[2] and others[3] have asked over the years, but no one with a deep enough understanding of the affected code has had the time to get it upstream. That said, the patches[4] in RedHat have a full test-suite associated with them. They're applied after their massive Archer patchset[5], so I had to fiddle pretty hard to get the PIE support working in the Debian package. As seen at the end of the Ubuntu gdb series file: # RH stack that seems to be needed for sane PIE handling gdb-6.3-test-pie-20050107.patch gdb-6.5-bz203661-emit-relocs.patch gdb-workaround-rh-stack-on.patch gdb-6.6-buildid-locate.patch gdb-6.3-pie-20050110.patch gdb-workaround-rh-stack-off.patch -Kees [1] https://bugzilla.redhat.com/show_bug.cgi?id=130423 [2] http://sourceware.org/ml/gdb-patches/2008-05/msg00269.html [3] http://sourceware.org/ml/gdb/2006-08/msg00188.html [4] http://cvs.fedora.redhat.com/viewvc/devel/gdb/ [5] http://fedoraproject.org/wiki/Features/Archer -- Kees Cook @debian.org -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
