Fedora 40's Linker Will Now Error Out On Security Issues

  • Fedora 40's Linker Will Now Error Out On Security Issues

    Phoronix: Fedora 40's Linker Will Now Error Out On Security Issues

    In addition to Fedora 40 applying systemd hardening settings to bolster system security, another security enhancement now approved by the Fedora Engineering and Steering Committee (FESCo) is having the linker error out on encountering possible security issues...


  • #2
    This sounds like a nice improvement. Will it also error out when overlapping segments have different permissions?


    • #3
      That actually sounds pretty nice. I did notice this:

      I have updated the Change page to reflect the fact that it is redhat-rpm-config that is changing and not the linker itself, and to add in the method for disabling the change that can be used inside spec files. (%undefine _hardened_linker_errors).
      And, well, **laughs in CentOS Spec Files**

      They're gonna have a "fun" time when this trickles down to RHEL where an unknown number of closed source spec files may or may not have this linker flag set.


      • #4
        Originally posted by skeevy420
        That actually sounds pretty nice. I did notice this:

        And, well, **laughs in CentOS Spec Files**

        They're gonna have a "fun" time when this trickles down to RHEL where an unknown number of closed source spec files may or may not have this linker flag set.
        CentOS has redhat-rpm-config package too. Often changes in default compiler flags bubble up the security issues to third party packages and they either fix these issues (hopefully) or at least they will have to explicitly disable it so they are aware that these problems exist in whatever they are shipping.


        • #5
          Originally posted by skeevy420
          They're gonna have a "fun" time when this trickles down to RHEL where an unknown number of closed source spec files may or may not have this linker flag set.
          Given the various dependencies (binutils updates), I would not expect this to be seen until the RHEL10 timeframe, at which time 3rd parties would be expected to need to review and revise and test their offerings for RHEL10 anyway. While closed source offerings may do the darndest things, the coding that creates the security issues is not especially common (according to some testing only a handful of packages in all of Fedora will need to be modified, and at least one of them needed to be changed anyway due to other requirement changes).


          • #6
            It could reveal some *very* old and embarrassing bugs. Good stuff. I, too, tend to just recompile source rpms without much care.
