On 08/08/2011 06:23 PM, Adam Jackson wrote: > Once that's done (and redhat-rpm-config-9.1.0-15.fc16 has been gone > through updates), if you're using a %configure-style spec file, defining > the magic macro is all you have to do. The rpm macros will notice the > macro, and put the right magic into CFLAGS and LDFLAGS, and everything > is great and wonderful. I am not sure I understand the implications. If I compile my package which provides a daemon (=worth full relro) and few libraries with the magic macro, which defines LDFLAGS=-Wl,-z,now, all shared libraries from the build will get full relro too. What happens to applications, which link my libs? 1) will they start slower because of the relocations in the shared lib? 2) can they use prelink? Or should I hack Makefiles to use full relro only for daemons (and other security relevant binaries) and leave shared libs with partial relro only? Will be the daemon 'safe enough' if it consumes libraries with partial relro? -- Jan -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
