On Wed, Jun 26, 2024 at 05:42:14PM GMT, Gordon Messmer wrote: > On 2024-06-25 10:37 AM, Kevin Fenzi wrote: > > I wonder if this wouldn't fit in as a CI test? > > > Do you mean https://docs.fedoraproject.org/en-US/ci/generic_tests/ ? yeah... > Maybe it would? If I misunderstand this, please correct me: > > Because Fedora uses "-z,relro" and "-z,now" in %build_ldflags, all binaries > should have a fully resolved GOT when they reach main(). That being the > case, gdb could be started with any binary, at which point it could set a > breakpoint at "main", run the binary, and then audit the GOT at the > breakpoint. > > Does that sound right? Sounds reasonable to me, but I don't know this area very well. > > Or something that might be added to rpminspect? > > > It's been a few months since I looked at rpminspect. Does it install a > package and all of its deps in order to inspect it? The GOT can't be > audited unless the process can start. yeah, I think it is able to start processes to test things, but I am again not sure of the details. So, hopefully rpminspect / ci folks will chime in... kevin
Attachment:
signature.asc
Description: PGP signature
-- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
