On Thu, 2015-03-12 at 10:41 -0400, Adam Jackson wrote: > On Thu, 2015-03-12 at 13:45 +0000, Petr Pisar wrote: > > On 2015-03-12, Nikos Mavrogiannopoulos <n...@redhat.com> wrote: > > > In rawhide building the gnutls guile bindings fails, and that's related > > > to the new hardening flags being enabled with [0]. The failure is quite > > > peculiar since the loading of a dynamic module fails [1] which already > > > is position independent. > > [...] > > > > > > [1]. https://bugzilla.redhat.com/show_bug.cgi?id=1196556 > > > > > The test-suite.log reads "file not found" which is far from "loading DSO > > failed". > > > > However I can add my recent story: After hardening perl, loading a DSO > > by perl failed. I believe the reason was the DSO had an undefined symbol > > which was not defined in any SO_NEEDed libraries. But because the symbol > > was never used at run-time, before hardening the executable, run-time > > linking passed. But after hardening, the -znow feature caused resolving > > all symbols at link time, including the missing symbol, so dlopen(3) > > failed. > > We may want to revisit this, honestly. The actual proposal was just to > build executables as PIE, right? Forcing -z now is a bit more than > maybe was expected.
What was the rationale of adding -z now to the hardening flags? Looking its description doesn't reveal any "hardening" features, and the gnutls guile module failure to build seems to be directly related to that flag: https://bugzilla.redhat.com/show_bug.cgi?id=1196556 regards, Nikos -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
