Arch Linux

Please read this before reporting a bug:

Do NOT report bugs when a package is just outdated, or it is in Unsupported. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!

FS#26435 - [namcap] Print notice when GNU_RELRO is missing in ELF file.

Attached to Project: Arch Linux
Opened by Sverd Johnsen (sjohnsen) - Friday, 14 October 2011, 01:22 GMT
Last edited by Doug Newgard (Scimmia) - Monday, 19 December 2016, 05:46 GMT
Task Type Feature Request
Category Arch Projects
Status Closed
Assigned To Rémy Oudompheng (remyoudompheng)
Architecture All
Severity Very Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 2
Private No


When GNU_RELRO is missing in a ELF file, namcap should print a notice informing the packager that LDFLAGS have been ignored during the build.

Besides highlighting issues in upstream build configuration, RELRO is desirable for various reasons and has been in our LDFLAGS for quite a while now by default.

readelf -p /bin/foo | grep GNU_RELRO
This task depends upon

Closed by  Doug Newgard (Scimmia)
Monday, 19 December 2016, 05:46 GMT
Reason for closing:  Implemented
Comment by Jason William Walton (jasonww) - Saturday, 12 May 2012, 07:10 GMT
Since namcap is using pyelftools now, checking for PT_GNU_RELRO in addition to PT_GNU_STACK (?) shouldn't slow it down too much.

Comment by Daniel Micay (thestinger) - Friday, 26 December 2014, 07:23 GMT
There are no false positives for this check at packaging time, so +1.

Sadly, there's no viable way to do a reliable check for missing SSP (-fstack-protector-strong) because many small executables simply don't have viable candidate functions for it to protect.
Comment by Kyle Keen (keenerd) - Sunday, 11 December 2016, 04:54 GMT
Feature added in commit 5741e2f.