| 1 |
On 08/28/14 19:23, Brian Dolbec wrote: |
| 2 |
> On Thu, 28 Aug 2014 17:57:11 -0400 |
| 3 |
> "Anthony G. Basile" <blueness@g.o> wrote: |
| 4 |
> |
| 5 |
>> scanelf is the last line of defense. If we get there, paxctl and |
| 6 |
>> paxctl-ng have failed, so we can't trust them really. Changing the |
| 7 |
>> exit code for scanelf could cause other issues, eg in portage where |
| 8 |
>> it is used in a few places. As we discussed today during the |
| 9 |
>> Hardened meeting, we'll ewarn if we get here. |
| 10 |
>> |
| 11 |
>> |
| 12 |
> scanelf is also used in the new python based revdep-rebuild. So, |
| 13 |
> changing it will cause issues there too. |
| 14 |
|
| 15 |
Thanks good to know. I had no intentions of even suggesting a changed |
| 16 |
behavior. I'm just pointing out why I wrote the eclass the way I did. |
| 17 |
You'll notice the exit code is used in conjunction with `&& continue` |
| 18 |
everywhere except scanelf, so one might wonder why. When I add the |
| 19 |
ewarn, I'll also add a comment explaining scanelfs behavior. |
| 20 |
|
| 21 |
-- |
| 22 |
Anthony G. Basile, Ph.D. |
| 23 |
Gentoo Linux Developer [Hardened] |
| 24 |
E-Mail : blueness@g.o |
| 25 |
GnuPG FP : 1FED FAD9 D82C 52A5 3BAB DC79 9384 FA6E F52D 4BBA |
| 26 |
GnuPG ID : F52D4BBA |
Archives