1 |
On Sun, 2004-09-26 at 23:52, Duncan wrote: |
2 |
|
3 |
> What's this mean? What are the implications? How do I do that relinking |
4 |
> if I decide I need to? Can I fix it by enabling a feature in make.conf |
5 |
> or do I run a separate command? Either way, there's not enough info there |
6 |
> to actually DO it, nor do I even have enough info to rightly evaluate the |
7 |
> "security risk"! |
8 |
> |
9 |
> There's simply not enough there to be anything but a yet it's |
10 |
> labeled security risk. Someone's being *MEAN* with their teasing! =:^\ |
11 |
|
12 |
|
13 |
Sorry about that. This qa notice steams from an internal thread. It was |
14 |
intended for developers to see. I've got an open bug now to change the |
15 |
output of the qa notice. |
16 |
|
17 |
The append-ldflags is a function that comes from the flag-o-matic.eclass |
18 |
which is intended for the developer to use to add a string to the |
19 |
packages LDFLAGS. The user interface works just like the CFLAGS |
20 |
counterpart. |
21 |
|
22 |
So for example to make that message go away for crontab as a user you |
23 |
would do LDFLAGS="-Wl,-z,now" emerge virtual/cron |
24 |
|
25 |
The basic idea is rid our tree of setXid executables that have use lazy |
26 |
bindings. Lazy binding themselves present no immediate risk that's been |
27 |
documented. The behavior is just generally discouraged. |
28 |
|
29 |
To answer the question about can you add this to any files the answer is |
30 |
yes. For about a yaer or so now portage has accepted LDFLAGS via |
31 |
make.conf. |
32 |
Before you jump into a system-wide deployment of a linker flag be sure |
33 |
you understand what they do. The flag for one is known to slow down |
34 |
program startup. You wont really see it on a small executable but really |
35 |
big c++ app with alot of symbols that also loads alot of libraries you |
36 |
might. On the same token of slowdowns is the runtime speedup you gain |
37 |
because ld.so will already have looked up the entire symbol table. |
38 |
|
39 |
|
40 |
*mean* -solar |
41 |
|
42 |
|
43 |
-- |
44 |
Ned Ludd <solar@g.o> |
45 |
Gentoo (hardened,security,infrastructure,embedded,toolchain) Developer |