| 1 |
On Sun, 2004-09-26 at 23:52, Duncan wrote: |
| 2 |
|
| 3 |
> What's this mean? What are the implications? How do I do that relinking |
| 4 |
> if I decide I need to? Can I fix it by enabling a feature in make.conf |
| 5 |
> or do I run a separate command? Either way, there's not enough info there |
| 6 |
> to actually DO it, nor do I even have enough info to rightly evaluate the |
| 7 |
> "security risk"! |
| 8 |
> |
| 9 |
> There's simply not enough there to be anything but a yet it's |
| 10 |
> labeled security risk. Someone's being *MEAN* with their teasing! =:^\ |
| 11 |
|
| 12 |
|
| 13 |
Sorry about that. This qa notice steams from an internal thread. It was |
| 14 |
intended for developers to see. I've got an open bug now to change the |
| 15 |
output of the qa notice. |
| 16 |
|
| 17 |
The append-ldflags is a function that comes from the flag-o-matic.eclass |
| 18 |
which is intended for the developer to use to add a string to the |
| 19 |
packages LDFLAGS. The user interface works just like the CFLAGS |
| 20 |
counterpart. |
| 21 |
|
| 22 |
So for example to make that message go away for crontab as a user you |
| 23 |
would do LDFLAGS="-Wl,-z,now" emerge virtual/cron |
| 24 |
|
| 25 |
The basic idea is rid our tree of setXid executables that have use lazy |
| 26 |
bindings. Lazy binding themselves present no immediate risk that's been |
| 27 |
documented. The behavior is just generally discouraged. |
| 28 |
|
| 29 |
To answer the question about can you add this to any files the answer is |
| 30 |
yes. For about a yaer or so now portage has accepted LDFLAGS via |
| 31 |
make.conf. |
| 32 |
Before you jump into a system-wide deployment of a linker flag be sure |
| 33 |
you understand what they do. The flag for one is known to slow down |
| 34 |
program startup. You wont really see it on a small executable but really |
| 35 |
big c++ app with alot of symbols that also loads alot of libraries you |
| 36 |
might. On the same token of slowdowns is the runtime speedup you gain |
| 37 |
because ld.so will already have looked up the entire symbol table. |
| 38 |
|
| 39 |
|
| 40 |
*mean* -solar |
| 41 |
|
| 42 |
|
| 43 |
-- |
| 44 |
Ned Ludd <solar@g.o> |
| 45 |
Gentoo (hardened,security,infrastructure,embedded,toolchain) Developer |
Archives