#3110 Change: Linker Error On Security Issues
Closed: Accepted a year ago by sgallagh. Opened a year ago by amoloney.

Change the system linker (ld.bfd) so that by default it will generate an error message and fail if it is asked to create an executable binary that contains one or more known security issues. These issues are:

an executable stack
a loadable segment with read, write and execute permissions,
a thread local storage segment with execute permission.

Owners, do not implement this work until the FESCo vote has explicitly ended.
The Fedora Program Manager will create a tracking bug in Bugzilla for this Change, which is your indication to proceed.
See the FESCo ticket policy and the Changes policy for more information.

REMINDER: This ticket is for FESCo members to vote on the proposal. Further discussion should happen in the devel list thread linked above.


I'm making a procedural -1 here until at least @ngompa 's comment is addressed in the Discourse chat.

I don't much like that there is no clear mechanism for ignoring such errors on a short-term basis. I think we want to have a macro of some sort, if only so we can easily scrape the specfiles for places where it's used and track whether they get fixed in a timely manner.

What's the status here?

Oh, I see that there was a reply from Change Owner with a promise of a rework. So let's wait for that.

RIght - I am working a patch to redhat-rpm-config instead of the binutils that will add a make-linker-warnings-about-execstack-or-rwx-segments-into-errors option into the default hardening options, along with a macro to turn this feature off.

@nickc Would you mind updating the Change page to reflect this? I will adjust my vote to +1 once that happens.

Sorry for the delay - I wanted to check that changing redhat-rpm-config would work before I updated the proposal. A good thing too, as my first attempt at a fix did not work. But a few iterations later and I now have a working patch.

I have updated the Change page to reflect the fact that it is redhat-rpm-config that is changing and not the linker itself, and to add in the method for disabling the change that can be used inside spec files. (%undefine _hardened_linker_errors).

With a working plan for opting out, I'm now +1 on this.

Thank you, @nickc

Let's keep voting open for a week until the last update, i.e. until 2023-12-08.

APPROVED (+4, 0, -0)

Metadata Update from @ngompa:
- Issue tagged with: pending announcement

a year ago

Metadata Update from @sgallagh:
- Issue close_status updated to: Accepted
- Issue status updated to: Closed (was: Open)

a year ago

Log in to comment on this ticket.

Metadata