Re: _hardened_build not affecting libtool-compiled libraries

2013-06-25 Thread Reindl Harald
On 24.06.2013 21:47, Richard W.M. Jones wrote:
>> $ hardening-check ./usr/lib64/nbdkit/plugins/nbdkit-xz-plugin.so
>> ./usr/lib64/nbdkit/plugins/nbdkit-xz-plugin.so:
>> Position Independent Executable: no, regular shared library (ignored)
>> Stack protected: yes
>> Fortify Source functions:

Re: _hardened_build not affecting libtool-compiled libraries

2013-06-25 Thread Björn Esser
On Tuesday, 25.06.2013, 08:29 +0100, Richard W.M. Jones wrote:
> On Mon, Jun 24, 2013 at 07:39:59PM -0400, Paul Wouters wrote:
> > On Mon, 24 Jun 2013, Richard W.M. Jones wrote:
> >
> > >Note there is still a problem that an LDFLAGS hack was needed in the
> > >spec file, otherwise libtool (o

Re: _hardened_build not affecting libtool-compiled libraries

2013-06-25 Thread Richard W.M. Jones
On Mon, Jun 24, 2013 at 07:39:59PM -0400, Paul Wouters wrote:
> On Mon, 24 Jun 2013, Richard W.M. Jones wrote:
>
> >Note there is still a problem that an LDFLAGS hack was needed in the
> >spec file, otherwise libtool (or something) eats the hardening LDFLAGS.
>
> Too often Makefiles contain CFLAG

Re: _hardened_build not affecting libtool-compiled libraries

2013-06-24 Thread Paul Wouters
On Mon, 24 Jun 2013, Richard W.M. Jones wrote:
> Note there is still a problem that an LDFLAGS hack was needed in the
> spec file, otherwise libtool (or something) eats the hardening LDFLAGS.
Too often Makefiles contain CFLAGS= / LDFLAGS=, instead of CFLAGS?= / LDFLAGS?=
Paul
--
devel mailing lis

Re: _hardened_build not affecting libtool-compiled libraries

2013-06-24 Thread Richard W.M. Jones
On Mon, Jun 24, 2013 at 08:46:51PM +0100, Richard W.M. Jones wrote:
> On Mon, Jun 24, 2013 at 09:13:29PM +0200, Miloslav Trmač wrote:
> > On Mon, Jun 24, 2013 at 8:46 PM, Richard W.M. Jones
> > wrote:
> > > but the plugins from that build are not hardened fully:
> > Isn't it possible that the plu

Re: _hardened_build not affecting libtool-compiled libraries

2013-06-24 Thread Richard W.M. Jones
On Mon, Jun 24, 2013 at 09:13:29PM +0200, Miloslav Trmač wrote:
> On Mon, Jun 24, 2013 at 8:46 PM, Richard W.M. Jones wrote:
> > but the plugins from that build are not hardened fully:
> Isn't it possible that the plugins are just so trivial that there were
> no opportunities for hardening?
>
> >

Re: _hardened_build not affecting libtool-compiled libraries

2013-06-24 Thread Miloslav Trmač
On Mon, Jun 24, 2013 at 8:46 PM, Richard W.M. Jones wrote:
> but the plugins from that build are not hardened fully:
Isn't it possible that the plugins are just so trivial that there were no opportunities for hardening?
> $ hardening-check ./usr/lib64/nbdkit/plugins/nbdkit-example1-plugin.so
>

_hardened_build not affecting libtool-compiled libraries

2013-06-24 Thread Richard W.M. Jones
Here's the problem (found by Björn Esser):
https://bugzilla.redhat.com/show_bug.cgi?id=977446#c10
and then later on:
https://bugzilla.redhat.com/show_bug.cgi?id=977446#c14
So it seems as if _hardened_build for some reason doesn't work for libtool-compiled libraries. It does look as if the