FS#26435 : [namcap] Print notice when GNU_RELRO is missing in ELF file.

FS#26435 - [namcap] Print notice when GNU_RELRO is missing in ELF file.

Attached to Project: Arch Linux
Opened by Sverd Johnsen (sjohnsen) - Friday, 14 October 2011, 01:22 GMT
Last edited by Doug Newgard (Scimmia) - Monday, 19 December 2016, 05:46 GMT

Task Type	Feature Request
Category	Arch Projects
Status	Closed
Assigned To	Rémy Oudompheng (remyoudompheng)
Architecture	All
Severity	Very Low
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	2 Jason William Walton (jasonww) (2011-10-17) Sverd Johnsen (sjohnsen) (2011-10-14)
Private	No

Details

When GNU_RELRO is missing in a ELF file, namcap should print a notice informing the packager that LDFLAGS have been ignored during the build.

Besides highlighting issues in upstream build configuration, RELRO is desirable for various reasons and has been in our LDFLAGS for quite a while now by default.

readelf -p /bin/foo | grep GNU_RELRO

This task depends upon

Closed by Doug Newgard (Scimmia)
Monday, 19 December 2016, 05:46 GMT
Reason for closing: Implemented

Comment by Jason William Walton (jasonww) - Saturday, 12 May 2012, 07:10 GMT

Since namcap is using pyelftools now, checking for PT_GNU_RELRO in addition to PT_GNU_STACK (?) shouldn't slow it down too much.

Bumped.

Comment by Daniel Micay (thestinger) - Friday, 26 December 2014, 07:23 GMT

There are no false positives for this check at packaging time, so +1.

Sadly, there's no viable way to do a reliable check for missing SSP (-fstack-protector-strong) because many small executables simply don't have viable candidate functions for it to protect.

Comment by Kyle Keen (keenerd) - Sunday, 11 December 2016, 04:54 GMT

Feature added in commit 5741e2f.

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#26435 - [namcap] Print notice when GNU_RELRO is missing in ELF file.

Details

Loading...