Re: Changing compilation flags

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



I testes some rebuilded binaries and BINDNOW isn't always enabled:
checksec -f /usr/bin/unrar
RELRO
Partial RELRO
checksec -f /usr/bin/qml (qt5-declarative)
RELRO
Partial RELRO
I don't know if -fno-plt was correctly passed but it's possible that build process doesn't work as intended. Maybe we need to patch binutils to enable z,now by default as Daniel advised?
On Wed Jul 5 16:51:55 UTC 2017, Daniel Micay wrote:
>There"s no loss of compatibility from only some code using it. The only
>issue with it is that immediate binding *must* be used to support it, so
>if CFLAGS is respected then LDFLAGS *must* be respected, or immediate
>binding needs to be set as the default in the linker(s).
On Wed Jul 5 19:04:51 UTC 2017 , Daniel Micay wrote:
>So I think it would be a good idea to flip the default to -z,now in the linker
>if we're going to use -fno-plt. I think they'd take a patch for that upstream.
>Clang issue could be avoided with a 1 line patch adding another no-op flag
>and they'd take that upstream. It's harmless to use the slower lazy linking
>calling convention when -fno-plt is passed. -fno-plt code is fully compatible
>with non -fno-plt code, the only requirement is that -fno-plt code is linked
>with -Wl,-z,now which works fine for non -fno-plt code too and is desirable
>for security either way.




[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]
  Powered by Linux