On 19.3.2015 08:16, Nikos Mavrogiannopoulos wrote:
On Wed, 2015-03-18 at 11:37 -0700, Moez Roy wrote:
FULL RELRO
http://tk-blog.blogspot.co.at/2009/02/relro-not-so-well-known-memory.html
If that's all we got I suggest to remove this flag or (better) provide a
way for applications that use modules to compile themselves, without
removing the whole set of hardening flags.
Any advise from the change owners? How should applications that use
modules with undefined systems should handle that? Should they add %
undefine _hardened_build by default?
I was doing some research last night but not tested it yet:
"nonow"
1) add -nonow to the CFLAGS
2) or add -z nonow to the LDFLAGS
doing the koji builds now to test and see if it works.
Also need to test if there is a -lazy option.
Why are you using -Wl,--no-add-needed in the LD flags?
I don't see the reason for it. Added Tomas (the previous maintainer) in
case he remembers.
If I remember correctly it was added to get rid of some unneeded
dependency that was otherwise pulled in. But it might be unnecessary
now. You could try to build the rpm (without hardening) with and without
the -Wl,--no-add-needed and see whether there are some additional
Requires added to the resulting rpms.
Regards,
Tomas
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
