On 2011-05-11, Kevin Fenzi <kevin@xxxxxxxxx> wrote:
>
> * #563 suggested policy: all daemons must set RELRO and PIE flags
>   (nirik, 17:35:15)
> * AGREED: will enable them both by default in rawhide and see if we
>   run into issues.  (nirik, 17:39:26)
>

Hm, right now I found a problem caused by enabling PIE in an application.

It's about edquota segfaulting in nss_db (bug #703567): edquota has a global non-static variable `dirname'. edquota calls libc getpwnam(), getpwnam dlopens nss_db, nss_db calls libc dirname(). But because edquota is PIE, the dirname symbol is made dynamic and visible in the symbol table. Then the dynamic linker prefers dirname from edquota and nss_db jumps to the address of the edquota dirname variable. Ooops.

One could say mark all global objects and functions as static. But this is a lot of code to change and there still remain symbols that must be made accessible from other object files.

I guess dynamic linking with PIE executables will pollute name space outrageously.

-- Petr
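
An added example, not part of the original message: a check for the name clash described above. It parses `readelf -W --dyn-syms` output for an executable and a library and reports symbols the executable defines that share a name with a library export; the sample tables, addresses and function names are constructed.

```python
# Added example: flag symbols an executable exports that shadow library symbols.
# Input is text from `readelf -W --dyn-syms <file>`; the samples are constructed.

EXE_DYNSYMS = """\
Symbol table '.dynsym' contains 4 entries:
   Num:    Value          Size Type    Bind   Vis      Ndx Name
     0: 0000000000000000     0 NOTYPE  LOCAL  DEFAULT  UND
     1: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND getpwnam@GLIBC_2.2.5 (2)
     2: 0000000000204060     8 OBJECT  GLOBAL DEFAULT   25 dirname
     3: 0000000000001a40   212 FUNC    GLOBAL DEFAULT   14 main
"""

LIBC_DYNSYMS = """\
Symbol table '.dynsym' contains 3 entries:
   Num:    Value          Size Type    Bind   Vis      Ndx Name
     0: 0000000000000000     0 NOTYPE  LOCAL  DEFAULT  UND
     1: 000000000008f2a0   170 FUNC    GLOBAL DEFAULT   13 dirname@@GLIBC_2.2.5
     2: 00000000000c6e10   389 FUNC    GLOBAL DEFAULT   13 getpwnam@@GLIBC_2.2.5
"""


def defined_globals(readelf_text):
    """Map name -> ELF symbol type for defined GLOBAL/WEAK dynamic symbols."""
    syms = {}
    for line in readelf_text.splitlines():
        f = line.split()
        # Symbol rows look like: Num: Value Size Type Bind Vis Ndx Name [...]
        if len(f) < 8 or not f[0].rstrip(":").isdigit():
            continue
        sym_type, bind, ndx, name = f[3], f[4], f[6], f[7]
        if ndx == "UND" or bind not in ("GLOBAL", "WEAK"):
            continue  # undefined imports and local symbols cannot interpose
        syms[name.split("@")[0]] = sym_type  # drop @VERSION / @@VERSION
    return syms


def find_interposers(exe_text, lib_text):
    """Return (name, exe_type, lib_type) for exe symbols that shadow lib ones."""
    exe, lib = defined_globals(exe_text), defined_globals(lib_text)
    return sorted((n, exe[n], lib[n]) for n in exe.keys() & lib.keys())


if __name__ == "__main__":
    for name, exe_type, lib_type in find_interposers(EXE_DYNSYMS, LIBC_DYNSYMS):
        risk = "type mismatch" if exe_type != lib_type else "same type"
        print(f"{name}: executable {exe_type} shadows library {lib_type} ({risk})")
```

An OBJECT in the executable shadowing a FUNC in the library is the case from the message: the caller ends up jumping into data.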