Summary: | sys-apps/elfix-0.8.1[-ptpax] fails to compile with dev-libs/libelf | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Maxim Kammerer <mk> |
Component: | Hardened | Assignee: | The Gentoo Linux Hardened Team <hardened> |
Status: | RESOLVED FIXED | ||
Severity: | normal | ||
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: |
https://bugs.gentoo.org/show_bug.cgi?id=470882 https://bugs.gentoo.org/show_bug.cgi?id=518524 |
||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Maxim Kammerer
2013-04-09 11:28:47 UTC
Yep, known issue. Thanks for opening the bug. As you said, there is no ELF_C_RDWR_MMAP in libelf and I can't drop it down to just ELF_C_RDWR. The problem here is that elfix is supposed to be a suite of binaries to fix elfs on a hardened system. So while paxctl-ng doesn't touch any elf stuff with USE="-ptpax", fix-gnustack still does and must. I've got some choices: 1) get ELF_C_RDWR_MMAP into libelf, 2) see if I can get away with ELF_C_RDWR in fix-gnustack, 3) only build fix-gnustack if elfuitls is available. Well, you know better, but (2) and (3) look the easiest, although (3) looks like it will cause some kind of automagic dependency. (In reply to comment #2) > Well, you know better, but (2) and (3) look the easiest, although (3) looks > like it will cause some kind of automagic dependency. Of course that would have to be avoided. After experimenting with elfix a bit, I suggest disabling fix-gnustack for USE=-ptpax. If the user doesn't need support for changing ELF header flags, then having fix-gnustack around doesn't make much sense. I would also separate pypaxctl, revdep-pax, migrate-pax and the Python plugin into something like USE=tools, since these tools are arguably needed only on a development system. Hi, any news? (In reply to comment #5) > Hi, any news? Thanks for the ping. I hadn't forgotten but until the semester ended, I could not get to any xattr pax stuff. Please test elfix-0.8.2 I upgraded elfix+pypax to 0.8.2 without issues, paxctl-ng works fine, fix-gnustack is not installed. (In reply to comment #8) > I upgraded elfix+pypax to 0.8.2 without issues, paxctl-ng works fine, > fix-gnustack is not installed. Correct. There are problems with ELF_C_RDWR{,_MMAP} in libelf. I'm looking into it now. (In reply to comment #9) > (In reply to comment #8) > > I upgraded elfix+pypax to 0.8.2 without issues, paxctl-ng works fine, > > fix-gnustack is not installed. > > Correct. There are problems with ELF_C_RDWR{,_MMAP} in libelf. I'm looking > into it now. Okay bug #470882 opened to see this through. |