#1797 Use hardened flags for building RPMs
Closed: Fixed None Opened 7 years ago by jhrozek.

We could use relro and bind_now linker flags to produce hardened binaries. That would require adding "-Wl,-z,now". The effect is that all dynamic symbols are resolved at start-up so that the GOT is read-only.

Before adding these flags we should do performance testing, these flags would negatively affect performance, especially on startup, not sure if during runtime, too.


Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.10 beta
rhbz: => 0
type: defect => task

Not critical for beta, can be done in 1.10 proper

milestone: SSSD 1.10 beta => SSSD 1.10.0
review: => 0

I will fix this together with #1510.

changelog: =>
owner: somebody => jhrozek
status: new => assigned

Fields changed

patch: 0 => 1

resolution: => fixed
status: assigned => closed

Fields changed

milestone: SSSD 1.10.0 => SSSD 1.10 beta

Metadata Update from @jhrozek:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.10 beta

3 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/2839

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata