Re: New hardened build support (coming) in F16

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 08/08/2011 06:23 PM, Adam Jackson wrote:
> Once that's done (and redhat-rpm-config-9.1.0-15.fc16 has been gone 
> through updates), if you're using a %configure-style spec file, defining 
> the magic macro is all you have to do.  The rpm macros will notice the 
> macro, and put the right magic into CFLAGS and LDFLAGS, and everything 
> is great and wonderful.

I am not sure I understand the implications. If I compile my package
which provides a daemon (=worth full relro) and few libraries with the
magic macro, which defines LDFLAGS=-Wl,-z,now, all shared libraries from
the build will get full relro too. What happens to applications, which
link my libs?

1) will they start slower because of the relocations in the shared lib?
2) can they use prelink?

Or should I hack Makefiles to use full relro only for daemons (and other
security relevant binaries) and leave shared libs with partial relro
only? Will be the daemon 'safe enough' if it consumes libraries with
partial relro?

--
Jan
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux