Thanks for the suggestion Francesco, but I tried LDFLAGS='Wl,-z,now' emerge netkit-rsh and that didn't seem to make any difference..
and still get a buch of warnings like the following: QA Notice: /usr/bin/rcp is setXid, dynamically linked and using lazy bindings. This combination is generally discouraged. Try: CFLAGS='-Wl,-z,now' emerge netkit-rsh :-/ As a matter of interest, does anyone know how the '-z,now' option is supposed to plug the security hole associated with dynamic library linking of suid programs? I assume that the important thing is to stop someone else substituting their own libraries via something like the LD_LIBRARY_PATH envar. The manual entry for the linker seems to say that '-z,now' just causes the symbol to be resolved at load time rather than first use, but it isn't clear to me what this change in timing achieves, assuming I can get it to work.. Regards, DigbyT On Sat, Jun 11, 2005 at 07:42:02AM +0200, Francesco Talamona wrote: > On Saturday 11 June 2005 04:46, Digby Tarvin wrote: > > When I emerge netkit-rsh (because I want to share a tape via rmt) I > > get several warning such as: > > QA Notice: /usr/bin/rlogin is setXid, dynamically linked and using > > lazy bindings. This combination is generally discouraged. Try: > > CFLAGS='-Wl,-z,now' emerge netkit-rsh > > > > Which seems pretty reasonable - I would rather not use dynamic libs > > on a suid program... > > > > but my command line was: > > # CFLAGS='-Wl,-z,now' emerge netkit-rsh > > as the warning suggests :-/ > > > > So what is the best way to get emerge to build things in with the > > recommended compile options? > > > > Regards, > > DigbyT > > -- > > Digby R. S. Tarvin > > [EMAIL PROTECTED] http://www.digbyt.com > > I think it should be LDFLAGS, not CFLAGS: > LDFLAGS='Wl,-z,now' emerge netkit-rsh > > Ciao > Francesco > -- > Linux Version 2.6.11-gentoo-r9, Compiled #1 Wed Jun 8 05:32:03 2005 CEST > One 2.2GHz AMD Athlon 64 Processor, 2GB RAM, 4325.37 Bogomips Total > aemaeth > -- > [email protected] mailing list -- Digby R. S. Tarvin [EMAIL PROTECTED] http://www.digbyt.com -- [email protected] mailing list
