Bug 1238804
Summary: | /usr/bin/perl is not linked with -z now and -pie, perl crashes with -pie | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Petr Pisar <ppisar> | ||||
Component: | perl | Assignee: | Petr Pisar <ppisar> | ||||
Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | unspecified | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | rawhide | CC: | ajax, cweyl, emmanuel, h.reindl, iarnell, jplesnik, kasal, mattdm, moez.roy, perl-devel, ppisar, psabata, rc040203, tcallawa | ||||
Target Milestone: | --- | Keywords: | Reopened | ||||
Target Release: | --- | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
URL: | http://permalink.gmane.org/gmane.linux.redhat.fedora.devel/208954 | ||||||
Whiteboard: | |||||||
Fixed In Version: | perl-5.26.0-392.fc27 | Doc Type: | Bug Fix | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2017-08-07 06:04:02 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | |||||||
Bug Blocks: | 1199775, 1242769, 1242802 | ||||||
Attachments: |
|
Description
Petr Pisar
2015-07-02 16:15:47 UTC
The issue is some perl packages fails tests or the interpreter segfaults if /usr/bin/perl is linked with -pie option. This must be fixed or reverted. Known failures: smartmatch-engine-core: tests segfaul on x86_64 perl-Algorithm-CurveFit: tests fails in this pure Perl code perl-B-Utils: tests fail on x86 perl-PDL-Graphics-PLplot: tests segfault on x86_64 I will disable hardening in perl.spec and I will work with upstream and Fedora toolchain maintainers to identify and fix the cause. Hardening disabled in: perl-5.22.0-349.fc23 perl-5.22.0-349.fc24 *** Bug 1283947 has been marked as a duplicate of this bug. *** PIE is one thing Full RELRO is another one http://tk-blog.blogspot.co.at/2009/02/relro-not-so-well-known-memory.html [root@localhost:~]$ hardening-check /usr/bin/perl /usr/bin/perl: Position Independent Executable: no, normal executable! Stack protected: no, not found! Fortify Source functions: unknown, no protectable libc functions used Read-only relocations: yes Immediate binding: no, not found! This message is a reminder that Fedora 23 is nearing its end of life. Approximately 4 (four) weeks from now Fedora will stop maintaining and issuing updates for Fedora 23. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a Fedora 'version' of '23'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 23 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior this bug is closed as described in the policy above. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. and why can't i change the realse from 23 to 24 here? You can. Created attachment 1223847 [details]
screenshot bugzilla
no i can't - see screenshot - on top of this bugreport all options are missing
I have no idea what's wrong. (In reply to Harald Reindl from comment #7) > and why can't i change the realse from 23 to 24 here? The two main possibilities are: 1) Bugzilla sees you as logged out despite the fact that you're logged in. 2) You're logged in but don't have the necessary permissions to edit this bug. You can check your permissions at https://bugzilla.redhat.com/userprefs.cgi?tab=permissions *** Bug 984185 has been marked as a duplicate of this bug. *** /usr/bin/perl is now built with all necessary options, but the resulting executable differs from other executables: $ readelf -d /usr/bin/rpm | grep NOW 0x0000000000000018 (BIND_NOW) 0x000000006ffffffb (FLAGS_1) Flags: NOW PIE $ readelf -d /usr/bin/perl | grep NOW 0x000000000000001e (FLAGS) BIND_NOW 0x000000006ffffffb (FLAGS_1) Flags: NOW PIE I need to figure out if this is a problem or not. BIND_NOW is -z now aka "Full RELRO" http://tk-blog.blogspot.co.at/2009/02/relro-not-so-well-known-memory.html it's peferred but not always possible I've already got response from Florian Weimer. Because the perl was built with -Wl,--enable-new-dtags, the way how binding metadata are expresses is a little bit different, but still perfectly valid and secure. I reported bug #1478470 against rpmgrill. |