Project

General

Profile

Bug #36316

No linker time hardening in ceph rpm builds

Added by Boris Ranto over 5 years ago. Updated about 5 years ago.

Status:
Resolved
Priority:
High
Assignee:
Category:
rpm
Target version:
-
% Done:

0%

Source:
Tags:
Backport:
mimic luminous
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

Currently, we do pass the hardened CFLAGS and CPPFLAGS when building the
code. However, we do not pass the hardened flags to the linker. This
means that the binaries are linked without the options like -Wl,-z,now.
As a result, we do not fully harden the binaries that we build.


Related issues

Copied to devops - Backport #36391: luminous: No linker time hardening in ceph rpm builds Resolved
Copied to devops - Backport #36392: mimic: No linker time hardening in ceph rpm builds Resolved

History

#2 Updated by Kefu Chai over 5 years ago

  • Status changed from Fix Under Review to Resolved

#3 Updated by Nathan Cutler over 5 years ago

  • Status changed from Resolved to Pending Backport

#4 Updated by Nathan Cutler over 5 years ago

  • Copied to Backport #36391: luminous: No linker time hardening in ceph rpm builds added

#5 Updated by Nathan Cutler over 5 years ago

  • Copied to Backport #36392: mimic: No linker time hardening in ceph rpm builds added

#6 Updated by Nathan Cutler about 5 years ago

  • Status changed from Pending Backport to Resolved

Also available in: Atom PDF