| 1 |
Il giorno lun, 23/01/2012 alle 20.40 +0100, Jason A. Donenfeld ha |
| 2 |
scritto: |
| 3 |
> What I propose is just to detect at merge-time whether or not there |
| 4 |
> are SUID binaries that are not PIE, and if so, spit out a Q&A |
| 5 |
> warning. |
| 6 |
> |
| 7 |
> That way, package maintainers could fix things up bit by bit, without |
| 8 |
> having to burden you alone with tinderbox troubles. |
| 9 |
|
| 10 |
The quick answer is: "you can try but it's not going to happen". |
| 11 |
|
| 12 |
It's not something we haven't done before, in relation to suid binaries. |
| 13 |
For quite a long time we've had the "immediate binding" warning on suid |
| 14 |
binaries built without -Wl,-z,now — it was removed once both uclibc and |
| 15 |
glibc took care of forcing immediate bindings at the loader's level for |
| 16 |
suid binaries, but we've had packages throwing that warning till the |
| 17 |
very last moment. |
| 18 |
|
| 19 |
Even though it was already a warning when _I_ became a dev. |
| 20 |
|
| 21 |
Sigh :) |
| 22 |
|
| 23 |
-- |
| 24 |
Diego Elio Pettenò <flameeyes@g.o> |
| 25 |
Gentoo Linux |
Archives