From: "Jun. T" <takimoto-j@kba.biglobe.ne.jp>
To: zsh-workers@zsh.org
Subject: Re: [Bug] modules zsh/tcp, zsh/zftp unloadable, probably affecting most modern Linuxes
Date: Wed, 7 Jun 2023 23:40:55 +0900 [thread overview]
Message-ID: <5E054934-C1FA-490E-9D4E-64E73907B280@kba.biglobe.ne.jp> (raw)
In-Reply-To: <3DE27489-7BD6-478C-95AC-9E35C4B3C944@kba.biglobe.ne.jp>
It seems using linker options '-z relro -z now' is now a widely
used way for enhancing security; see for example:
https://www.redhat.com/ja/blog/hardening-elf-binaries-using-relocation-read-only-relro
Both RedHat/Fedora/CentOS and Debian/Ubuntu are now using
these options by default.
zsh rpm for Fedora 'gcc ... -z lazy' for overriding '-z now'.
# this is not working now, but '-Wl,-z,lazy' would work.
It seems Debian zsh package does not try to override '-z now'.
Whether accepting '-z lazy' or not is up to the distribution,
but if using '-z lazy' (partial RELRO) is not recommended
from security point of view, then we can just document that
net/tcp must be loaded before zftp.
next prev parent reply other threads:[~2023-06-07 14:41 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-06-04 13:51 Marcus Müller
2023-06-04 20:37 ` Marcus Müller
2023-06-04 21:17 ` Philippe Troin
2023-06-05 19:35 ` Marcus Müller
2023-06-05 20:07 ` Bart Schaefer
2023-06-06 6:42 ` Jun T
2023-06-06 9:05 ` Peter Stephenson
2023-06-06 14:38 ` Jun. T
2023-06-06 15:01 ` Peter Stephenson
2023-06-06 16:37 ` Philippe Troin
2023-06-06 17:54 ` Mikael Magnusson
2023-06-07 2:05 ` Jun T
2023-06-07 2:35 ` Jun T
2023-06-07 14:40 ` Jun. T [this message]
2023-06-23 13:41 ` Jun. T
2023-06-07 9:25 ` Marcus Müller
2023-06-04 22:41 ` Axel Beckert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5E054934-C1FA-490E-9D4E-64E73907B280@kba.biglobe.ne.jp \
--to=takimoto-j@kba.biglobe.ne.jp \
--cc=zsh-workers@zsh.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/zsh/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).