Bug 2151899
| Summary: | annocheck reports that no compiled code found for thin_metadata_pack and thin_metadata_unpack binaries | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 9 | Reporter: | Gabriel Gaspar Becker <ggasparb> |
| Component: | device-mapper-persistent-data | Assignee: | Marian Csontos <mcsontos> |
| Status: | NEW --- | QA Contact: | Filip Suba <fsuba> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | low | ||
| Version: | 9.0 | CC: | agk, cwei, heinzm, jbrassow, jpazdziora, lvm-team, mcsontos, msnitzer, nickc, thornber |
| Target Milestone: | rc | Keywords: | Triaged |
| Target Release: | --- | Flags: | jpazdziora:
needinfo?
(lvm-team) ggasparb: needinfo? (mcsontos) jpazdziora: needinfo? (lvm-team) |
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | Bug | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Gabriel Gaspar Becker
2022-12-08 14:09:29 UTC
This is not really an error. Annocheck has deduced that the thin_metadata_unpack binary does not contain any compiled code, and therefore does not need protection from stack clash attacks. The newest version of annocheck (10.94) produces slightly different text, but overall the result is the same: annocheck: Version 10.94. [...] Hardened: ./usr/sbin/thin_metadata_unpack: info: assembler built by GCC detected - treating as pure assembler. Hardened: ./usr/sbin/thin_metadata_unpack: skip: stack-prot test because no code present - therefore no stack protection needed Hardened: ./usr/sbin/thin_metadata_unpack: Overall: PASS. Hello maintainers, does # file /usr/sbin/thin_metadata_pack /usr/sbin/thin_metadata_pack: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=ff9f19e5bf68dadf34b05b439818f7d670287bcf, for GNU/Linux 3.2.0, stripped contain some compiled code or not? I checked build.log but I couldn't find an explicit line where that binary is built / linked. These binaries are rust programs: https://github.com/jthornber/thin-provisioning-tools/commit/61de3f92873310d8a25a8392f7e53ef67cc3d88c and the versions match: the tools were introduced in 0.9.0 https://gitlab.com/redhat/centos-stream/rpms/device-mapper-persistent-data/-/blob/c9s/device-mapper-persistent-data.spec#L215 Just to be clear, whilst the device-mapper-persistent-data package may contain code written in Rust, the two binaries which are producing problematic annocheck results - thin_metadata_pack and thin_metadata_unpack - do not contain any code. (At least none that I can find). For the record, annocheck 11.05 reports skip: stack-prot test because sources compiled as if they were assembler are not checked by this test skip: pic test because sources compiled as if they were assembler are not checked Hello LVM / device-mapper maintainers, is this assessment of these two binaries by annocheck correct? Those two tools in v0.9 are written in Rust. I don't know why your annocheck tool objects to them. The latest v1.0 version of thinp tools contains only Rust tools, so you may get more of these messages. Thanks for chiming in, Joe. Can you confirm Nick's conclusion from comment 4 that those two binaries do not contain any code? Let me get Marian (the packager) to double check for you. There certainly should be code in there. |