Fedora 40's Linker Will Now Error Out On Security Issues

In addition to Fedora 40 applying systemd hardening settings to bolster system security, another security enhancement now approved by the Fedora Engineering and Steering Committee (FESCo) is on having the linker error out on encountering possible security issues.

The change is so that Fedora's default linker, ld.bfd, will generate an error if it's supposed to create an executable binary that contains one or more security issues. This linker security handling is currently set to check for an executable stack, a loadable segment with read/write/execute permissions, and a thread local storage segment with execute permissions.

By having the linker error out on security issues it will become more apparent for developers / those building the code that there are security implications rather than passing it off as an often-ignored warning.

More details on this policy change via the Fedora Wiki. Yesterday FESCo went ahead and approved this change for the Fedora 40 release.