From: Ned Ludd
Reply-To: solar@gentoo.org
To: Duncan <1i5t5.duncan@cox.net>
Cc: gentoo-dev@lists.gentoo.org
Organization: Gentoo (hardened,security,infrastructure,embedded,toolchain) Developer
Message-Id: <1096599618.27475.712.camel@simple>
Date: Thu, 30 Sep 2004 23:00:18 -0400
Subject: Re: [gentoo-dev] Portage 2.0.51 comments/questions

On Sun, 2004-09-26 at 23:52, Duncan wrote:
> What's this mean? What are the implications? How do I do that relinking
> if I decide I need to? Can I fix it by enabling a feature in make.conf
> or do I run a separate command? Either way, there's not enough info there
> to actually DO it, nor do I even have enough info to rightly evaluate the
> "security risk"!
>
> There's simply not enough there to be anything but a yet it's
> labeled security risk.
> Someone's being *MEAN* with their teasing! =:^\

Sorry about that. This QA notice stems from an internal thread. It was intended for developers to see. I've got an open bug now to change the output of the QA notice.

The append-ldflags is a function that comes from the flag-o-matic.eclass, which is intended for the developer to use to add a string to the package's LDFLAGS. The user interface works just like the CFLAGS counterpart.

So, for example, to make that message go away for crontab as a user you would do

    LDFLAGS="-Wl,-z,now" emerge virtual/cron

The basic idea is to rid our tree of setXid executables that use lazy bindings. Lazy bindings themselves present no immediate risk that's been documented. The behavior is just generally discouraged.

To answer the question of whether you can add this to any files: the answer is yes. For about a year or so now portage has accepted LDFLAGS via make.conf.

Before you jump into a system-wide deployment of a linker flag, be sure you understand what it does. The flag, for one, is known to slow down program startup. You won't really see it on a small executable, but on a really big C++ app with a lot of symbols that also loads a lot of libraries you might. On the same token of slowdowns is the runtime speedup you gain because ld.so will already have looked up the entire symbol table.

*mean* -solar

-- 
Ned Ludd
Gentoo (hardened,security,infrastructure,embedded,toolchain) Developer
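
Added example, not part of the original message and not Portage's own QA check: one way to tell whether a setXid binary was linked with "-Wl,-z,now" is to look in its PT_DYNAMIC segment for DT_BIND_NOW, DF_BIND_NOW in DT_FLAGS, or DF_1_NOW in DT_FLAGS_1. The function names and the constructed sample images are assumptions made for illustration, and only little-endian ELF64 files are handled.

```python
import os, stat, struct

DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW, PT_DYNAMIC = 0x8, 0x1, 2

def binds_now(data):
    """True: all symbols resolved at startup (-z now). False: lazy binding.
    None: not a dynamically linked little-endian ELF64 (only case handled)."""
    if data[:6] != b"\x7fELF\x02\x01":
        return None
    phoff, = struct.unpack_from("<Q", data, 0x20)            # e_phoff
    phentsize, phnum = struct.unpack_from("<HH", data, 0x36)
    for i in range(phnum):
        base = phoff + i * phentsize
        if struct.unpack_from("<I", data, base)[0] != PT_DYNAMIC:
            continue
        off, = struct.unpack_from("<Q", data, base + 8)      # p_offset
        size, = struct.unpack_from("<Q", data, base + 32)    # p_filesz
        for pos in range(off, off + size, 16):               # Elf64_Dyn entries
            tag, val = struct.unpack_from("<qQ", data, pos)
            if tag == DT_NULL:
                break
            if (tag == DT_BIND_NOW or (tag == DT_FLAGS and val & DF_BIND_NOW)
                    or (tag == DT_FLAGS_1 and val & DF_1_NOW)):
                return True
        return False
    return None

def lazy_setxid(paths):
    """Regular setuid/setgid files among paths that still bind lazily."""
    hits = []
    for path in paths:
        mode = os.lstat(path).st_mode
        if stat.S_ISREG(mode) and mode & (stat.S_ISUID | stat.S_ISGID):
            with open(path, "rb") as fh:
                if binds_now(fh.read()) is False:
                    hits.append(path)
    return hits

def sample_elf(dyn):
    """Constructed sample: minimal ELF64 image with only a PT_DYNAMIC segment."""
    body = b"".join(struct.pack("<qQ", t, v) for t, v in dyn + [(DT_NULL, 0)])
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01", 3, 62, 1,
                       0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_DYNAMIC, 6, 120, 0, 0,
                       len(body), len(body), 8)
    return ehdr + phdr + body
```

Passing lazy_setxid() the files under a directory such as /usr/bin lists the setXid executables that would need relinking; a None result from binds_now() (static binary, script, 32-bit or big-endian ELF) is deliberately not reported as lazy.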