Thanks for the suggestion Francesco, but I tried
LDFLAGS='Wl,-z,now' emerge netkit-rsh
and that didn't seem to make any difference..
and still get a buch of warnings like the following:
QA Notice: /usr/bin/rcp is setXid, dynamically linked and using lazy bindings.
This combination is generally discouraged. Try: CFLAGS='-Wl,-z,now' emerge
netkit-rsh
:-/
As a matter of interest, does anyone know how the '-z,now' option is supposed
to plug the security hole associated with dynamic library linking of suid
programs? I assume that the important thing is to stop someone else
substituting their own libraries via something like the LD_LIBRARY_PATH
envar. The manual entry for the linker seems to say that '-z,now' just
causes the symbol to be resolved at load time rather than first use, but
it isn't clear to me what this change in timing achieves, assuming I
can get it to work..
Regards,
DigbyT
On Sat, Jun 11, 2005 at 07:42:02AM +0200, Francesco Talamona wrote:
On Saturday 11 June 2005 04:46, Digby Tarvin wrote:
When I emerge netkit-rsh (because I want to share a tape via rmt) I
get several warning such as:
QA Notice: /usr/bin/rlogin is setXid, dynamically linked and using
lazy bindings. This combination is generally discouraged. Try:
CFLAGS='-Wl,-z,now' emerge netkit-rsh
Which seems pretty reasonable - I would rather not use dynamic libs
on a suid program...
but my command line was:
# CFLAGS='-Wl,-z,now' emerge netkit-rsh
as the warning suggests :-/
So what is the best way to get emerge to build things in with the
recommended compile options?
Regards,
DigbyT
--
Digby R. S. Tarvin
[EMAIL PROTECTED] http://www.digbyt.com
I think it should be LDFLAGS, not CFLAGS:
LDFLAGS='Wl,-z,now' emerge netkit-rsh
Ciao
Francesco
--
Linux Version 2.6.11-gentoo-r9, Compiled #1 Wed Jun 8 05:32:03 2005 CEST
One 2.2GHz AMD Athlon 64 Processor, 2GB RAM, 4325.37 Bogomips Total
aemaeth
--
gentoo-user@gentoo.org mailing list
--
Digby R. S. Tarvin [EMAIL PROTECTED]
http://www.digbyt.com
--
gentoo-user@gentoo.org mailing list