From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.0 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
	MAILING_LIST_MULTI,T_SCC_BODY_TEXT_LINE autolearn=ham
	autolearn_force=no version=3.4.4
Received: (qmail 13489 invoked from network); 7 Jun 2023 14:41:30 -0000
Received: from zero.zsh.org (2a02:898:31:0:48:4558:7a:7368)
  by inbox.vuxu.org with ESMTPUTF8; 7 Jun 2023 14:41:30 -0000
ARC-Seal: i=1; cv=none; a=rsa-sha256; d=zsh.org; s=rsa-20210803; t=1686148890;
	 b=LzwwYNrsNQKkla5fbKCQw4u6Mp7yvEHtxPcAmrsaidpz0mYB9waSySx+u1AfWAco9g+YhurN0t
	  zs9eR7EW2Ysr/YrGQgjGqmk5cR+U/IROVzXogYAh4ObGodPVfJ3gC3+6VYYH5stdFLIfZH2695
	  3ogO20iC7XC8ySPhcHVTb79reJX+pCT4SBeyMZNkvX0kOkDkAu0mM+QDcV3+3yF5tIxg6XJj5C
	  HgIVHcHt1c1yU8xD11t6WgDaclM8nvPY3ReI84nHZeZXDPdZ6t5pGBHULGxqfnJJ0Uk8WTsL0c
	  Wk60ZBtqQYtuvyyl+QOoPqad57IzFEaNtLmonnnUa1WBVg==;
ARC-Authentication-Results: i=1; zsh.org;
	iprev=pass (snd00004-bg.im.kddi.ne.jp) smtp.remote-ip=27.86.113.4;
	dmarc=none header.from=kba.biglobe.ne.jp;
	arc=none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed; d=zsh.org; s=rsa-20210803; t=1686148890;
	bh=KTLPzdfz/BJnUAHh8TzxybHGNNO+YdeuYvynxVreHmY=;
	h=List-Archive:List-Owner:List-Post:List-Unsubscribe:List-Subscribe:List-Help:
	  List-Id:Sender:Message-ID:In-Reply-To:To:References:Date:Subject:
	  MIME-Version:Content-Transfer-Encoding:Content-Type:From:DKIM-Signature;
	b=Q+tLkX8KNIJg/g2uDGMiw0QXYhObyT/ZP+uZwI92M3JVtL02ZUE5l++/jERiCB2dv5D5+1znt9
	  v+ItAVlxbb0vHs8uTYbejR5DILpanBP8c4OR/uDaIwAlkbOzQ3kGtFmupmT7/IcAVShOssfHZ4
	  +XnEJoj0g7V1auYqyvuhDwvR7rFnlN+MXKyFhge64zarX1mb1q1jWXl/yhldI+yFpFwB11q27m
	  uks3r7xECEMQG5AuXg4glHXXa1796JYMMFpKdR2jn+PYUcLsZ2hPC9E62vTi4qZQ9OUKsO8DOQ
	  3GMMIS1CWfoAPHaZl5L9/Nc5UIVx7E2KMiMS2UeUJqnkGA==;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=zsh.org;
	s=rsa-20210803; h=List-Archive:List-Owner:List-Post:List-Unsubscribe:
	List-Subscribe:List-Help:List-Id:Sender:Message-Id:In-Reply-To:To:References:
	Date:Subject:Mime-Version:Content-Transfer-Encoding:Content-Type:From:
	Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From:
	Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID;
	bh=KTLPzdfz/BJnUAHh8TzxybHGNNO+YdeuYvynxVreHmY=; b=nAvGVcZfhclXEDCfT2PhWLPiqu
	EUTyBU1My5rYGmCHvBBOI0lmg9aoNBTiVCREQyYiBRtD094nL/piwT2vvFVtXYsC9Av4MQk6vLtR+
	fer9FPZUyJH86QdZMYRZlOb7S05rd0aNT+LnZRQxYBH2EfCp9bgRJIMzqliIKrw972OMR1LqELyuB
	/8/04WBzglA/njdTi0nzStxXGgOlTN8Ow8d02bXV4EZ8zWibLrxZ0WlDaElppH8YI/7EGSmfLIUjs
	KHNg+gZhZ28qop4Py5GmUcNZCi+QfzRnTdWwKKrI3S0W/CQT86SNYy+izETjYYStKIWPN8YVxOvh0
	rDEmZY6w==;
Received: by zero.zsh.org with local
	id 1q6uLo-000BNL-EF;
	Wed, 07 Jun 2023 14:41:28 +0000
Authentication-Results: zsh.org;
	iprev=pass (snd00004-bg.im.kddi.ne.jp) smtp.remote-ip=27.86.113.4;
	dmarc=none header.from=kba.biglobe.ne.jp;
	arc=none
Received: from snd00004-bg.im.kddi.ne.jp ([27.86.113.4]:58400 helo=dfmta0004.biglobe.ne.jp)
	by zero.zsh.org with esmtps (TLS1.3:TLS_AES_256_GCM_SHA384:256)
	id 1q6uLP-000B5h-ER;
	Wed, 07 Jun 2023 14:41:11 +0000
Received: from mail.biglobe.ne.jp by omta0004.biglobe.ne.jp with ESMTP
          id <20230607144056473.CILN.40398.mail.biglobe.ne.jp@biglobe.ne.jp>
          for <zsh-workers@zsh.org>; Wed, 7 Jun 2023 23:40:56 +0900
From: "Jun. T" <takimoto-j@kba.biglobe.ne.jp>
Content-Type: text/plain;
	charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.3\))
Subject: Re: [Bug] modules zsh/tcp, zsh/zftp unloadable, probably affecting
 most modern Linuxes
Date: Wed, 7 Jun 2023 23:40:55 +0900
References: <afe7b7c7-0e47-26be-0d6d-7f7ca5891108@hostalia.de>
 <a9055641-4eb8-5d8f-229a-b38dbc63f706@hostalia.de>
 <027f2a491b638e2ffaf7766fe4adf29537c11fdf.camel@fifi.org>
 <227fe72b-7441-935c-55a7-421945da54b3@hostalia.de>
 <CAH+w=7b3L+ZQ5P6xnxsJ-gG_Mx74jpn-UkTZt8P3ZYj1xc1bZg@mail.gmail.com>
 <FF8D1182-CFF2-4831-BFF0-5232258508CC@kba.biglobe.ne.jp>
 <1604572963.1688389.1686042332603@mail.virginmedia.com>
 <9B5553E5-9CBD-4E6A-88E4-2ABFA1305552@kba.biglobe.ne.jp>
 <890683328.5067391.1686063668614@mail.virginmedia.com>
 <9d6e40041e3786987f54adf1080d201085b08625.camel@fifi.org>
 <CAHYJk3SVH021V2dVk956MR5P3_UCFZ4JsnFirk9FB1NGpkSSeg@mail.gmail.com>
 <F821A976-D3A0-4A31-AB1A-68AA3B65A2FC@kba.biglobe.ne.jp>
 <3DE27489-7BD6-478C-95AC-9E35C4B3C944@kba.biglobe.ne.jp>
To: zsh-workers@zsh.org
In-Reply-To: <3DE27489-7BD6-478C-95AC-9E35C4B3C944@kba.biglobe.ne.jp>
Message-Id: <5E054934-C1FA-490E-9D4E-64E73907B280@kba.biglobe.ne.jp>
X-Mailer: Apple Mail (2.3696.120.41.1.3)
X-Biglobe-Sender: takimoto-j@kba.biglobe.ne.jp
X-Seq: 51846
Archived-At: <https://zsh.org/workers/51846>
X-Loop: zsh-workers@zsh.org
Errors-To: zsh-workers-owner@zsh.org
Precedence: list
Precedence: bulk
Sender: zsh-workers-request@zsh.org
X-no-archive: yes
List-Id: <zsh-workers.zsh.org>
List-Help: <http://www.zsh.org/sympa/help>, <mailto:sympa@zsh.org?subject=HELP>
List-Subscribe: <http://www.zsh.org/sympa/subscribe/zsh-workers>, <mailto:sympa@zsh.org?subject=SUB%20zsh-workers>
List-Unsubscribe: <http://www.zsh.org/sympa/signoff/zsh-workers>, <mailto:sympa@zsh.org?subject=SIG%20zsh-workers>
List-Post: <mailto:zsh-workers@zsh.org>
List-Owner: <mailto:zsh-workers-request@zsh.org>
List-Archive: <http://www.zsh.org/sympa/arc/zsh-workers>

It seems using linker options '-z relro -z now' is now a widely
used way for enhancing security; see for example:
=
https://www.redhat.com/ja/blog/hardening-elf-binaries-using-relocation-rea=
d-only-relro

Both RedHat/Fedora/CentOS and Debian/Ubuntu are now using
these options by default.

zsh rpm for Fedora 'gcc ... -z lazy' for overriding '-z now'.
# this is not working now, but '-Wl,-z,lazy' would work.

It seems Debian zsh package does not try to override '-z now'.

Whether accepting '-z lazy' or not is up to the distribution,
but if using '-z lazy' (partial RELRO) is not recommended
from security point of view, then we can just document that
net/tcp must be loaded before zftp.=