#1797 Use hardened flags for building RPMs
Closed: Fixed None Opened 6 years ago by jhrozek.

We could use relro and bind_now linker flags to produce hardened binaries. That would require adding "-Wl,-z,now". The effect is that all dynamic symbols are resolved at start-up so that the GOT is read-only.

Before adding these flags we should do performance testing, these flags would negatively affect performance, especially on startup, not sure if during runtime, too.


Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.10 beta
rhbz: => 0
type: defect => task

Not critical for beta, can be done in 1.10 proper

milestone: SSSD 1.10 beta => SSSD 1.10.0
review: => 0

I will fix this together with #1510.

changelog: =>
owner: somebody => jhrozek
status: new => assigned

Fields changed

patch: 0 => 1

resolution: => fixed
status: assigned => closed

Fields changed

milestone: SSSD 1.10.0 => SSSD 1.10 beta

Metadata Update from @jhrozek:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.10 beta

2 years ago

Login to comment on this ticket.

Metadata