1 |
On 08/28/14 19:23, Brian Dolbec wrote: |
2 |
> On Thu, 28 Aug 2014 17:57:11 -0400 |
3 |
> "Anthony G. Basile" <blueness@g.o> wrote: |
4 |
> |
5 |
>> scanelf is the last line of defense. If we get there, paxctl and |
6 |
>> paxctl-ng have failed, so we can't trust them really. Changing the |
7 |
>> exit code for scanelf could cause other issues, eg in portage where |
8 |
>> it is used in a few places. As we discussed today during the |
9 |
>> Hardened meeting, we'll ewarn if we get here. |
10 |
>> |
11 |
>> |
12 |
> scanelf is also used in the new python based revdep-rebuild. So, |
13 |
> changing it will cause issues there too. |
14 |
|
15 |
Thanks good to know. I had no intentions of even suggesting a changed |
16 |
behavior. I'm just pointing out why I wrote the eclass the way I did. |
17 |
You'll notice the exit code is used in conjunction with `&& continue` |
18 |
everywhere except scanelf, so one might wonder why. When I add the |
19 |
ewarn, I'll also add a comment explaining scanelfs behavior. |
20 |
|
21 |
-- |
22 |
Anthony G. Basile, Ph.D. |
23 |
Gentoo Linux Developer [Hardened] |
24 |
E-Mail : blueness@g.o |
25 |
GnuPG FP : 1FED FAD9 D82C 52A5 3BAB DC79 9384 FA6E F52D 4BBA |
26 |
GnuPG ID : F52D4BBA |