Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-hardened

From: Ned Ludd <solar@g.o>
To: Pedro Venda <pjvenda@××××××××××××.org>
Cc: gentoo-hardened@l.g.o, kakou <kakou@×××××.org>
Subject: Re: [gentoo-hardened] ET_EXEC binaries after emerge -e world
Date: Wed, 11 May 2005 10:06:24
Message-Id: 1115805266.15122.33.camel@localhost
In Reply to: Re: [gentoo-hardened] ET_EXEC binaries after emerge -e world by Pedro Venda
1 On Wed, 2005-05-11 at 10:32 +0100, Pedro Venda wrote:
2 > On Tuesday 10 May 2005 13:24, Ned Ludd wrote:
3 > > On Tue, 2005-05-10 at 11:24 +0100, Pedro Venda wrote:
4 > > > On Tuesday 10 May 2005 11:12, kakou wrote:
5 > > > > Pedro Venda wrote:
6 > > > > >hi everyone,
7 > > > > >
8 > > > > >I've started using hardened for a couple of weeks now. I've done an
9 > > > >
10 > > > > emerge -e
11 > > > >
12 > > > > >world and there are still 134 ET_EXEC binaries left, including for
13 > > > > > example dhcpd.
14 > > > >
15 > > > > How do you count ET_EXEC binaries left ?
16 > > >
17 > > > scanelf -aR / | grep ET_EXEC | wc -l
18 > > >
19 > > > > >Shouldn't be 0 ET_EXEC binaries left after world recompilation? or
20 > > > > > could
21 > >
22 > > There will never be 0. A few things really need to be ET_EXEC. Any
23 > > static binary for example will be ET_EXEC and pretty much all the glibc
24 > > (ldconfig/localedef)
25 > >
26 > > Better for you todo a scanelf -pR |grep ET_EXEC
27 > >
28 > > scanelf -Rp|grep ET_EXEC| awk '{print $2}'| xargs file|grep -v
29 > > "statically linked"|cut -d : -f 1| xargs qfile
30 > >
31 > > qfile comes from here and I'll add it to the tree soon.
32 > > http://dev.gentoo.org/~solar/portage_misc/qfile.c
33 >
34 > 183 binaries left.
35 >
36 > qfile does something like qpkg -f $file right?
37
38 Yes that's more or less all qfile does, few options (-nc|-C) = nocolor,
39 there is an -e option to print out exact matches of CAT/PF vs CAT/PN.
40 Lacks --help/man page..
41
42 As of the most recent gentoolkit the qpkg tool has been deprecated in
43 favor of equery. qpkg went unmaintained and genone asserted it was
44 flawed. equery uses a python backend and takes about 15-20 seconds just
45 to initialize. That drove me nuts hence qfile.
46
47 Had I suggested the equery command at 20 second runtime multiplied by
48 that 183 packages.. (picture nightmare).
49 The same command using qfile saves 61 mins of your life.
50
51 --
52 Ned Ludd <solar@g.o>
53
54 --
55 gentoo-hardened@g.o mailing list
Report Message
Find on MARC Find on Google Groups