You are not logged in.

#1 2018-09-09 09:58:17

CrocoDuck
Member
Registered: 2015-10-25
Posts: 9
Website

namcap: many warnings on ELF files - lacks FULL RELRO and lacks PIE

Hi guys,

I hope this isn't trivial, I couldn't quite find a solution anywhere.

Basically, most of my AUR PKGBUILDs are all suddenly producing packages that, when inspected with namcap, produce a ton of warnings as stated in the title. A good example is dpf-plugins-git, I opened an issue upstream thinking it had to to do with the make file, but it doesn't look like it and I later found that also other packages of mine are showing the same issue.

I was able to check, by using echo $LDFLAGS right before the make command in the build() function, that the LDFLAGS value is that set in /etc/makepkg.conf: -Wl,-O1,--sort-common,--as-needed,-z,relro, which to my understanding should not produce the warnings above... that's why I am slightly puzzled.

I guess my questions are:

1) Should I be concerned about these warnings?
2) Are you guys having similar issues?
3) What do you think should I try to get rid of the warnings?


Check my Linux audio experiments on my SoundCloud.
Fancying a swim in the pond?

Offline

#2 2018-09-09 10:22:23

loqs
Member
Registered: 2014-03-06
Posts: 17,195

Re: namcap: many warnings on ELF files - lacks FULL RELRO and lacks PIE

Have you merged /etc/makepkg.conf with /etc/makepkg.conf.pacnew?
'-z,now' is missing from LDFLAGS.

Offline

#3 2018-09-09 11:06:39

CrocoDuck
Member
Registered: 2015-10-25
Posts: 9
Website

Re: namcap: many warnings on ELF files - lacks FULL RELRO and lacks PIE

Aw dang, the pacnew file flew under my radar. I merged it now and that seems to have removed the FULL RELRO warnings. I am left with the lacks PIE warnings:

dpf-plugins-git W: ELF file ('usr/lib/dssi/3BandEQ-dssi.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/dssi/3BandSplitter-dssi.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/dssi/AmplitudeImposer-dssi.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/dssi/CycleShifter-dssi.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/dssi/Kars-dssi.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/dssi/MVerb-dssi.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/dssi/Nekobi-dssi.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/dssi/PingPongPan-dssi.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/dssi/SoulForce-dssi.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/ladspa/3BandEQ-ladspa.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/ladspa/3BandSplitter-ladspa.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/ladspa/AmplitudeImposer-ladspa.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/ladspa/CycleShifter-ladspa.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/ladspa/MVerb-ladspa.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/ladspa/MaBitcrush-ladspa.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/ladspa/MaFreeverb-ladspa.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/ladspa/MaGigaverb-ladspa.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/ladspa/MaPitchshift-ladspa.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/ladspa/PingPongPan-ladspa.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/ladspa/SoulForce-ladspa.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/lv2/3BandEQ.lv2/3BandEQ_dsp.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/lv2/3BandEQ.lv2/3BandEQ_ui.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/lv2/3BandSplitter.lv2/3BandSplitter_dsp.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/lv2/3BandSplitter.lv2/3BandSplitter_ui.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/lv2/AmplitudeImposer.lv2/AmplitudeImposer_dsp.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/lv2/AmplitudeImposer.lv2/AmplitudeImposer_ui.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/lv2/CycleShifter.lv2/CycleShifter_dsp.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/lv2/CycleShifter.lv2/CycleShifter_ui.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/lv2/Kars.lv2/Kars_dsp.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/lv2/Kars.lv2/Kars_ui.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/lv2/MVerb.lv2/MVerb_dsp.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/lv2/MVerb.lv2/MVerb_ui.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/lv2/MaBitcrush.lv2/MaBitcrush_dsp.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/lv2/MaFreeverb.lv2/MaFreeverb_dsp.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/lv2/MaGigaverb.lv2/MaGigaverb_dsp.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/lv2/MaPitchshift.lv2/MaPitchshift_dsp.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/lv2/Nekobi.lv2/Nekobi_dsp.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/lv2/Nekobi.lv2/Nekobi_ui.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/lv2/PingPongPan.lv2/PingPongPan_dsp.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/lv2/PingPongPan.lv2/PingPongPan_ui.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/lv2/ProM.lv2/ProM.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/lv2/SoulForce.lv2/SoulForce_dsp.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/lv2/SoulForce.lv2/SoulForce_ui.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/lv2/glBars.lv2/glBars.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/vst/3BandEQ-vst.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/vst/3BandSplitter-vst.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/vst/AmplitudeImposer-vst.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/vst/CycleShifter-vst.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/vst/Kars-vst.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/vst/MVerb-vst.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/vst/MaBitcrush-vst.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/vst/MaFreeverb-vst.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/vst/MaGigaverb-vst.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/vst/MaPitchshift-vst.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/vst/Nekobi-vst.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/vst/PingPongPan-vst.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/vst/ProM-vst.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/vst/SoulForce-vst.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/vst/glBars-vst.so') lacks PIE.
dpf-plugins-git W: Unused shared library '/usr/lib/libm.so.6' by file ('usr/lib/dssi/Kars-dssi/Kars_ui')
dpf-plugins-git W: Unused shared library '/usr/lib/libm.so.6' by file ('usr/lib/ladspa/MaBitcrush-ladspa.so')
dpf-plugins-git W: Unused shared library '/usr/lib/libm.so.6' by file ('usr/lib/ladspa/MaFreeverb-ladspa.so')
dpf-plugins-git W: Unused shared library '/usr/lib/libm.so.6' by file ('usr/lib/lv2/Kars.lv2/Kars_ui.so')
dpf-plugins-git W: Unused shared library '/usr/lib/libm.so.6' by file ('usr/lib/lv2/MaBitcrush.lv2/MaBitcrush_dsp.so')
dpf-plugins-git W: Unused shared library '/usr/lib/libm.so.6' by file ('usr/lib/lv2/MaFreeverb.lv2/MaFreeverb_dsp.so')
dpf-plugins-git W: Unused shared library '/usr/lib/libm.so.6' by file ('usr/lib/lv2/ProM.lv2/ProM.so')
dpf-plugins-git W: Unused shared library '/usr/lib/libm.so.6' by file ('usr/lib/vst/MaBitcrush-vst.so')
dpf-plugins-git W: Unused shared library '/usr/lib/libm.so.6' by file ('usr/lib/vst/MaFreeverb-vst.so')
dpf-plugins-git W: Unused shared library '/usr/lib/libm.so.6' by file ('usr/lib/vst/ProM-vst.so')

Check my Linux audio experiments on my SoundCloud.
Fancying a swim in the pond?

Offline

#4 2018-09-09 11:13:44

loqs
Member
Registered: 2014-03-06
Posts: 17,195

Re: namcap: many warnings on ELF files - lacks FULL RELRO and lacks PIE

I think those are false positives from namcap.  The files are libraries so are built with -fPIC not -fPIE.

Offline

#5 2018-09-09 16:45:19

eschwartz
Fellow
Registered: 2014-08-08
Posts: 4,097

Re: namcap: many warnings on ELF files - lacks FULL RELRO and lacks PIE

namcap isn't 100% accurate at the best of times, and in this case it doesn't know how to distinguish between executable binaries and shared library binaries to determine what needs PIE. Which the latter do not, since DSO is fine as long as the dynloader is what loads it, and we have ASLR and everything is right with the world.

Ideally we'd train namcap to be smarter, but as it is it provides useful pointers to potential trouble spots. smile


Managing AUR repos The Right Way -- aurpublish (now a standalone tool)

Offline

#6 2018-09-13 20:46:50

CrocoDuck
Member
Registered: 2015-10-25
Posts: 9
Website

Re: namcap: many warnings on ELF files - lacks FULL RELRO and lacks PIE

Cool. Thanks for your help guys!

Last edited by CrocoDuck (2018-09-13 20:49:36)


Check my Linux audio experiments on my SoundCloud.
Fancying a swim in the pond?

Offline

#7 2018-09-15 06:10:17

yan12125
Member
Registered: 2017-11-01
Posts: 36

Re: namcap: many warnings on ELF files - lacks FULL RELRO and lacks PIE

As a record, it's proposed to skip PIE check for *.so files - https://patchwork.archlinux.org/patch/774/

Offline

Board footer

Powered by FluxBB