On 2024-06-25 10:37 AM, Kevin Fenzi
wrote:
I wonder if this wouldn't fit in as a CI test?
Do you mean https://docs.fedoraproject.org/en-US/ci/generic_tests/ ?
Maybe it would? If I misunderstand this, please correct me:
Because Fedora uses "-z,relro" and "-z,now" in %build_ldflags, all binaries should have a fully resolved GOT when they reach main(). That being the case, gdb could be started with any binary, at which point it could set a breakpoint at "main", run the binary, and then audit the GOT at the breakpoint.
Does that sound right?
Or something that might be added to rpminspect?
It's been a few months since I looked at rpminspect. Does it
install a package and all of its deps in order to inspect it? The
GOT can't be audited unless the process can start.
-- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
