On Tue, Apr 02, 2024 at 07:40:33AM +0200, Andreas Schneider wrote:
> On Saturday, 30 March 2024 10:37:44 CEST Richard W.M. Jones wrote:
> > These are just my thoughts on a Saturday morning. Feedback welcome of
> > course.
>
> I find the use of the ifunc attribute is really uncommon at this place. I
> would expect it in ffmpeg or some media codecs. In xz it looks like it is only
> there to hook in the payload. The software I know normally uses target
> cloning.

In hindsight it's suspicious, but it's not generally suspicious for a
project that needs to generate optimal code for different
sub-architectures (eg. something that does fast decompression) to use
the mechanism for that purpose, ifunc.

That said, ifunc is a very complicated, fragile but powerful mechanism
and I'd like to know from the glibc developers what we should look out
for. For example:

 - Is it ever valid for ifunc to take control of functions in another
   library? Can this be detected by ld.so?

 - Can some wrappers be developed to make it both easier and safer?

> I think the use of the ifunc attribute should be a red flag. Can't we check
> for it with rpmlint and let the security team verify it?

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
libguestfs lets you edit virtual machines. Supports shell scripting,
bindings from many languages. http://libguestfs.org
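
The kind of packaging-time check the quoted rpmlint question points at, as an added example that is not part of the original message and is not rpmlint code: a Python scan of a little-endian ELF64 image for symbols of type STT_GNU_IFUNC. The function names and the sample image built inline are constructed for illustration.

```python
import struct

SHT_SYMTAB, SHT_DYNSYM, STT_GNU_IFUNC = 2, 11, 10
SHDR, SYM = "<IIQQQQIIQQ", "<IBBHQQ"   # ELF64 section header / symbol layouts

def ifunc_symbols(data):
    """Return sorted names of STT_GNU_IFUNC symbols in a little-endian ELF64 image."""
    if data[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a little-endian ELF64 file")
    shoff, = struct.unpack_from("<Q", data, 0x28)            # e_shoff
    shentsize, shnum = struct.unpack_from("<HH", data, 0x3A)  # e_shentsize, e_shnum
    sections = [struct.unpack_from(SHDR, data, shoff + i * shentsize)
                for i in range(shnum)]
    found = set()
    for _, sh_type, _, _, off, size, link, _, _, entsize in sections:
        if sh_type not in (SHT_SYMTAB, SHT_DYNSYM) or entsize == 0:
            continue
        if link >= len(sections):      # malformed sh_link: no string table
            continue
        str_off = sections[link][4]    # sh_offset of the linked string table
        for pos in range(off, off + size, entsize):
            st_name, st_info = struct.unpack_from("<IB", data, pos)
            if st_info & 0xF == STT_GNU_IFUNC:   # low nibble is the symbol type
                start = str_off + st_name
                found.add(data[start:data.index(b"\0", start)].decode())
    return sorted(found)

def build_sample_elf():
    """Constructed sample: ELF64 image whose .dynsym has one FUNC and one IFUNC."""
    strtab = b"\0plain_func\0resolved_func\0"
    syms = (struct.pack(SYM, 0, 0, 0, 0, 0, 0)
            + struct.pack(SYM, 1, 0x12, 0, 1, 0x1000, 8)    # GLOBAL | FUNC
            + struct.pack(SYM, 12, 0x1A, 0, 1, 0x2000, 8))  # GLOBAL | GNU_IFUNC
    sym_off = 64
    str_off = sym_off + len(syms)
    shoff = str_off + len(strtab)
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01", 3, 62, 1,
                       0, 0, shoff, 0, 64, 0, 0, 64, 3, 0)
    shdrs = (bytes(64)                                       # SHT_NULL entry
             + struct.pack(SHDR, 0, SHT_DYNSYM, 2, 0, sym_off, len(syms), 2, 1, 8, 24)
             + struct.pack(SHDR, 0, 3, 2, 0, str_off, len(strtab), 0, 0, 1, 0))
    return ehdr + syms + strtab + shdrs

if __name__ == "__main__":
    print(ifunc_symbols(build_sample_elf()))
```

A stripped binary whose ifunc is not exported carries no such symbol; its IRELATIVE relocations are the remaining trace, which this scan does not read.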