On Mon, 23/01/2012 at 20:40 +0100, Jason A. Donenfeld wrote:
> What I propose is just to detect at merge-time whether or not there
> are SUID binaries that are not PIE, and if so, spit out a QA
> warning.
>
> That way, package maintainers could fix things up bit by bit, without
> having to burden you alone with tinderbox troubles.
The quick answer is: "you can try but it's not going to happen". It's not something we haven't done before, in relation to suid binaries. For quite a long time we've had the "immediate binding" warning on suid binaries built without -Wl,-z,now — it was removed once both uclibc and glibc took care of forcing immediate bindings at the loader's level for suid binaries, but we've had packages throwing that warning till the very last moment. Even though it was already a warning when _I_ became a dev. Sigh :)

--
Diego Elio Pettenò <flamee...@gentoo.org>
Gentoo Linux
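As an added example, not part of this thread and not Portage's own code, here is the merge-time check Jason describes written in Python: it walks an image directory, picks out set-uid regular files, and reads the ELF64 header and dynamic section to decide whether each one is PIE (ET_DYN rather than ET_EXEC) and was linked with -Wl,-z,now (DT_BIND_NOW, DF_BIND_NOW or DF_1_NOW). It assumes little-endian ELF64 files; `build_elf` constructs a minimal image purely so the parser can be exercised without real binaries.

```python
import os
import stat
import struct

# ELF constants (System V ABI); DT_FLAGS_1/DF_1_NOW are the GNU extensions.
ET_EXEC, ET_DYN, PT_DYNAMIC = 2, 3, 2
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1

def inspect_elf(data):
    """Return (is_pie, bind_now) for a little-endian ELF64 image held in `data`."""
    if data[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a little-endian ELF64 image")
    e_type, e_phoff, e_phentsize, e_phnum = struct.unpack_from("<H14xQ14xHH", data, 16)
    tags = {}
    for i in range(e_phnum):
        p_type, _, p_offset, _, _, p_filesz = struct.unpack_from(
            "<IIQQQQ", data, e_phoff + i * e_phentsize)
        if p_type == PT_DYNAMIC:
            for off in range(p_offset, p_offset + p_filesz, 16):
                d_tag, d_val = struct.unpack_from("<qQ", data, off)
                if d_tag == DT_NULL:
                    break
                tags[d_tag] = d_val
    # -Wl,-z,now shows up as DT_BIND_NOW (old style), DF_BIND_NOW or DF_1_NOW.
    bind_now = bool(DT_BIND_NOW in tags or tags.get(DT_FLAGS, 0) & DF_BIND_NOW
                    or tags.get(DT_FLAGS_1, 0) & DF_1_NOW)
    # A PIE executable is ET_DYN; a non-PIE executable is ET_EXEC.
    return e_type == ET_DYN, bind_now

def scan_suid(root):
    """Yield (path, is_pie, bind_now) for each set-uid ELF64 file under `root` (e.g. a merge image)."""
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID:
                with open(path, "rb") as fh:
                    data = fh.read()
                if data[:6] == b"\x7fELF\x02\x01":
                    yield (path, *inspect_elf(data))

def build_elf(e_type, dyn_entries):
    """Constructed minimal ELF64 image (header, one PT_DYNAMIC phdr, dynamic array) for testing."""
    dyn = b"".join(struct.pack("<qQ", t, v) for t, v in dyn_entries + [(DT_NULL, 0)])
    ehdr = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0, 64, 56, 1, 64, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_DYNAMIC, 6, 120, 0, 0, len(dyn), len(dyn), 8)
    return ehdr + phdr + dyn
```

A merge hook would call `scan_suid` on the image directory and print a QA warning for every entry whose `is_pie` or `bind_now` is False.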