| 1 |
On Tue, 2005-05-10 at 11:24 +0100, Pedro Venda wrote: |
| 2 |
> On Tuesday 10 May 2005 11:12, kakou wrote: |
| 3 |
> > Pedro Venda wrote: |
| 4 |
> > >hi everyone, |
| 5 |
> > > |
| 6 |
> > >I've started using hardened for a couple of weeks now. I've done an |
| 7 |
> > |
| 8 |
> > emerge -e |
| 9 |
> > |
| 10 |
> > >world and there are still 134 ET_EXEC binaries left, including for example |
| 11 |
> > >dhcpd. |
| 12 |
> > |
| 13 |
> > How do you count ET_EXEC binaries left ? |
| 14 |
> |
| 15 |
> scanelf -aR / | grep ET_EXEC | wc -l |
| 16 |
> |
| 17 |
> > |
| 18 |
> > >Shouldn't be 0 ET_EXEC binaries left after world recompilation? or could |
| 19 |
|
| 20 |
There will never be 0. A few things really need to be ET_EXEC. Any |
| 21 |
static binary for example will be ET_EXEC and pretty much all the glibc |
| 22 |
(ldconfig/localedef) |
| 23 |
|
| 24 |
Better for you todo a scanelf -pR |grep ET_EXEC |
| 25 |
|
| 26 |
scanelf -Rp|grep ET_EXEC| awk '{print $2}'| xargs file|grep -v |
| 27 |
"statically linked"|cut -d : -f 1| xargs qfile |
| 28 |
|
| 29 |
qfile comes from here and I'll add it to the tree soon. |
| 30 |
http://dev.gentoo.org/~solar/portage_misc/qfile.c |
| 31 |
|
| 32 |
|
| 33 |
> > it be |
| 34 |
> > |
| 35 |
> > >that some specific ebuilds prevent generation of pic binaries? |
| 36 |
> > > |
| 37 |
> > >regards, |
| 38 |
> > >pedro venda. |
| 39 |
> |
| 40 |
-- |
| 41 |
Ned Ludd <solar@g.o> |
| 42 |
|
| 43 |
-- |
| 44 |
gentoo-hardened@g.o mailing list |
Archives