You are not logged in.
- Topics: Active | Unanswered
#1 2018-09-09 09:58:17
- CrocoDuck
- Member
- Registered: 2015-10-25
- Posts: 9
- Website
namcap: many warnings on ELF files - lacks FULL RELRO and lacks PIE
Hi guys,
I hope this isn't trivial, I couldn't quite find a solution anywhere.
Basically, most of my AUR PKGBUILDs are all suddenly producing packages that, when inspected with namcap, produce a ton of warnings as stated in the title. A good example is dpf-plugins-git, I opened an issue upstream thinking it had to to do with the make file, but it doesn't look like it and I later found that also other packages of mine are showing the same issue.
I was able to check, by using echo $LDFLAGS right before the make command in the build() function, that the LDFLAGS value is that set in /etc/makepkg.conf: -Wl,-O1,--sort-common,--as-needed,-z,relro, which to my understanding should not produce the warnings above... that's why I am slightly puzzled.
I guess my questions are:
1) Should I be concerned about these warnings?
2) Are you guys having similar issues?
3) What do you think should I try to get rid of the warnings?
Check my Linux audio experiments on my SoundCloud.
Fancying a swim in the pond?
Offline
#2 2018-09-09 10:22:23
- loqs
- Member
- Registered: 2014-03-06
- Posts: 18,045
Re: namcap: many warnings on ELF files - lacks FULL RELRO and lacks PIE
Have you merged /etc/makepkg.conf with /etc/makepkg.conf.pacnew?
'-z,now' is missing from LDFLAGS.
Offline
#3 2018-09-09 11:06:39
- CrocoDuck
- Member
- Registered: 2015-10-25
- Posts: 9
- Website
Re: namcap: many warnings on ELF files - lacks FULL RELRO and lacks PIE
Aw dang, the pacnew file flew under my radar. I merged it now and that seems to have removed the FULL RELRO warnings. I am left with the lacks PIE warnings:
dpf-plugins-git W: ELF file ('usr/lib/dssi/3BandEQ-dssi.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/dssi/3BandSplitter-dssi.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/dssi/AmplitudeImposer-dssi.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/dssi/CycleShifter-dssi.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/dssi/Kars-dssi.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/dssi/MVerb-dssi.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/dssi/Nekobi-dssi.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/dssi/PingPongPan-dssi.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/dssi/SoulForce-dssi.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/ladspa/3BandEQ-ladspa.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/ladspa/3BandSplitter-ladspa.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/ladspa/AmplitudeImposer-ladspa.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/ladspa/CycleShifter-ladspa.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/ladspa/MVerb-ladspa.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/ladspa/MaBitcrush-ladspa.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/ladspa/MaFreeverb-ladspa.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/ladspa/MaGigaverb-ladspa.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/ladspa/MaPitchshift-ladspa.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/ladspa/PingPongPan-ladspa.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/ladspa/SoulForce-ladspa.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/lv2/3BandEQ.lv2/3BandEQ_dsp.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/lv2/3BandEQ.lv2/3BandEQ_ui.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/lv2/3BandSplitter.lv2/3BandSplitter_dsp.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/lv2/3BandSplitter.lv2/3BandSplitter_ui.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/lv2/AmplitudeImposer.lv2/AmplitudeImposer_dsp.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/lv2/AmplitudeImposer.lv2/AmplitudeImposer_ui.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/lv2/CycleShifter.lv2/CycleShifter_dsp.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/lv2/CycleShifter.lv2/CycleShifter_ui.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/lv2/Kars.lv2/Kars_dsp.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/lv2/Kars.lv2/Kars_ui.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/lv2/MVerb.lv2/MVerb_dsp.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/lv2/MVerb.lv2/MVerb_ui.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/lv2/MaBitcrush.lv2/MaBitcrush_dsp.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/lv2/MaFreeverb.lv2/MaFreeverb_dsp.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/lv2/MaGigaverb.lv2/MaGigaverb_dsp.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/lv2/MaPitchshift.lv2/MaPitchshift_dsp.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/lv2/Nekobi.lv2/Nekobi_dsp.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/lv2/Nekobi.lv2/Nekobi_ui.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/lv2/PingPongPan.lv2/PingPongPan_dsp.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/lv2/PingPongPan.lv2/PingPongPan_ui.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/lv2/ProM.lv2/ProM.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/lv2/SoulForce.lv2/SoulForce_dsp.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/lv2/SoulForce.lv2/SoulForce_ui.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/lv2/glBars.lv2/glBars.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/vst/3BandEQ-vst.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/vst/3BandSplitter-vst.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/vst/AmplitudeImposer-vst.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/vst/CycleShifter-vst.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/vst/Kars-vst.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/vst/MVerb-vst.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/vst/MaBitcrush-vst.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/vst/MaFreeverb-vst.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/vst/MaGigaverb-vst.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/vst/MaPitchshift-vst.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/vst/Nekobi-vst.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/vst/PingPongPan-vst.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/vst/ProM-vst.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/vst/SoulForce-vst.so') lacks PIE.
dpf-plugins-git W: ELF file ('usr/lib/vst/glBars-vst.so') lacks PIE.
dpf-plugins-git W: Unused shared library '/usr/lib/libm.so.6' by file ('usr/lib/dssi/Kars-dssi/Kars_ui')
dpf-plugins-git W: Unused shared library '/usr/lib/libm.so.6' by file ('usr/lib/ladspa/MaBitcrush-ladspa.so')
dpf-plugins-git W: Unused shared library '/usr/lib/libm.so.6' by file ('usr/lib/ladspa/MaFreeverb-ladspa.so')
dpf-plugins-git W: Unused shared library '/usr/lib/libm.so.6' by file ('usr/lib/lv2/Kars.lv2/Kars_ui.so')
dpf-plugins-git W: Unused shared library '/usr/lib/libm.so.6' by file ('usr/lib/lv2/MaBitcrush.lv2/MaBitcrush_dsp.so')
dpf-plugins-git W: Unused shared library '/usr/lib/libm.so.6' by file ('usr/lib/lv2/MaFreeverb.lv2/MaFreeverb_dsp.so')
dpf-plugins-git W: Unused shared library '/usr/lib/libm.so.6' by file ('usr/lib/lv2/ProM.lv2/ProM.so')
dpf-plugins-git W: Unused shared library '/usr/lib/libm.so.6' by file ('usr/lib/vst/MaBitcrush-vst.so')
dpf-plugins-git W: Unused shared library '/usr/lib/libm.so.6' by file ('usr/lib/vst/MaFreeverb-vst.so')
dpf-plugins-git W: Unused shared library '/usr/lib/libm.so.6' by file ('usr/lib/vst/ProM-vst.so')Check my Linux audio experiments on my SoundCloud.
Fancying a swim in the pond?
Offline
#4 2018-09-09 11:13:44
- loqs
- Member
- Registered: 2014-03-06
- Posts: 18,045
Re: namcap: many warnings on ELF files - lacks FULL RELRO and lacks PIE
I think those are false positives from namcap. The files are libraries so are built with -fPIC not -fPIE.
Offline
#5 2018-09-09 16:45:19
- eschwartz
- Fellow
- Registered: 2014-08-08
- Posts: 4,097
Re: namcap: many warnings on ELF files - lacks FULL RELRO and lacks PIE
namcap isn't 100% accurate at the best of times, and in this case it doesn't know how to distinguish between executable binaries and shared library binaries to determine what needs PIE. Which the latter do not, since DSO is fine as long as the dynloader is what loads it, and we have ASLR and everything is right with the world.
Ideally we'd train namcap to be smarter, but as it is it provides useful pointers to potential trouble spots. 
Managing AUR repos The Right Way -- aurpublish (now a standalone tool)
Offline
#6 2018-09-13 20:46:50
- CrocoDuck
- Member
- Registered: 2015-10-25
- Posts: 9
- Website
Re: namcap: many warnings on ELF files - lacks FULL RELRO and lacks PIE
Cool. Thanks for your help guys!
Last edited by CrocoDuck (2018-09-13 20:49:36)
Check my Linux audio experiments on my SoundCloud.
Fancying a swim in the pond?
Offline
#7 2018-09-15 06:10:17
- yan12125
- Member
- Registered: 2017-11-01
- Posts: 36
Re: namcap: many warnings on ELF files - lacks FULL RELRO and lacks PIE
As a record, it's proposed to skip PIE check for *.so files - https://patchwork.archlinux.org/patch/774/
Offline