On Thu, 2011-05-12 at 14:26 +0000, Petr Pisar wrote:
> On 2011-05-11, Kevin Fenzi <kevin@xxxxxxxxx> wrote:
> >
> > * #563 suggested policy: all daemons must set RELRO and PIE flags
> >   (nirik, 17:35:15)
> >   * AGREED: will enable them both by default in rawhide and see if we
> >     run into issues. (nirik, 17:39:26)
>
> Hm, right now I found a problem caused by enabling PIE in an application.
> It's about edquota segfaulting in nss_db (bug #703567):
>
> edquota has global non-static variable `dirname'. edquota calls libc
> getpwnam(), getpwnam dlopens nss_db, nss_db calls libc dirname(). But
> because edquota is PIE, the dirname symbol is made dynamic and visible
> in symbol table. Then dynamic linker prefers dirname from edquota and
> nss_db jumps on address of edquota dirname variable. Ooops.
>
> One could say mark all global objects and functions as static. But this
> is a lot of code to change and there still remain symbols that must be
> made accessible from other object files. I guess dynamic linking with
> PIE executables will pollute name space outrageously.

That's... unpleasant. And I'm not entirely sure it's intentional, I
wouldn't expect -fPIE to imply -rdynamic. But my understanding of the
problem may be naïve.

I'll dig on this, thanks for bringing it up. (Obviously I'll be holding
off updating the rpm macros until this is sorted.)

- ajax
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
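An added example, not part of the original thread or of any Fedora tooling: a check for the collision Petr describes, listing names that an executable exports as data objects in its dynamic symbol table while a library exports them as functions. It goes beyond the single edquota case by reading `.dynsym` from any little-endian ELF64 image; `toy_elf` and the three sample images are constructed for illustration and are not real binaries.

```python
import struct

SHT_DYNSYM, STT_OBJECT, STT_FUNC, STT_GNU_IFUNC = 11, 1, 2, 10

def dynsyms(elf):
    """Yield (name, type) for each defined GLOBAL/WEAK .dynsym entry of a little-endian ELF64 image."""
    if elf[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a little-endian ELF64 image")
    shoff, = struct.unpack_from("<Q", elf, 0x28)               # e_shoff
    shentsize, shnum = struct.unpack_from("<HH", elf, 0x3A)    # e_shentsize, e_shnum
    sections = [struct.unpack_from("<IIQQQQIIQQ", elf, shoff + i * shentsize)
                for i in range(shnum)]
    for sh in sections:
        if sh[1] != SHT_DYNSYM:
            continue
        str_off = sections[sh[6]][4]                           # sh_link -> .dynstr offset
        for off in range(sh[4], sh[4] + sh[5], 24):            # 24-byte Elf64_Sym entries
            st_name, st_info, _, st_shndx, _, _ = struct.unpack_from("<IBBHQQ", elf, off)
            if st_shndx != 0 and st_info >> 4 in (1, 2):       # defined; STB_GLOBAL or STB_WEAK
                start = str_off + st_name
                yield elf[start:elf.index(b"\0", start)].decode(), st_info & 0xF

def shadowed(exe, lib):
    """Names the executable exports as data while the library exports them as functions."""
    exe_objs = {n for n, t in dynsyms(exe) if t == STT_OBJECT}
    lib_funcs = {n for n, t in dynsyms(lib) if t in (STT_FUNC, STT_GNU_IFUNC)}
    return sorted(exe_objs & lib_funcs)

def toy_elf(symbols):
    """Constructed sample: ELF64 header, .dynstr and .dynsym only (not a loadable binary)."""
    strtab, symtab = b"\0", bytes(24)                          # empty name, null symbol
    for name, typ in symbols:
        symtab += struct.pack("<IBBHQQ", len(strtab), (1 << 4) | typ, 0, 1, 0x1000, 8)
        strtab += name.encode() + b"\0"
    sym_off = 64 + len(strtab)
    hdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 3, 62, 1, 0, 0, sym_off + len(symtab), 0, 64, 0, 0, 64, 3, 0)
    sh = lambda typ, off, size, link: struct.pack(
        "<IIQQQQIIQQ", 0, typ, 0, 0, off, size, link, 0, 1, 0)
    return (hdr + strtab + symtab + bytes(64)
            + sh(3, 64, len(strtab), 0) + sh(SHT_DYNSYM, sym_off, len(symtab), 1))

# Constructed stand-ins using the names from the message above.
LIBC = toy_elf([("dirname", STT_FUNC), ("getpwnam", STT_FUNC)])
EDQUOTA_EXPORTING = toy_elf([("dirname", STT_OBJECT), ("main", STT_FUNC)])
EDQUOTA_NOT_EXPORTING = toy_elf([("main", STT_FUNC)])

if __name__ == "__main__":
    print(shadowed(EDQUOTA_EXPORTING, LIBC))
    print(shadowed(EDQUOTA_NOT_EXPORTING, LIBC))
```

To audit real files, pass the raw bytes of the executable and of the library to `shadowed()`; any name it returns is one the dynamic linker would bind to the executable's variable first.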