From mboxrd@z Thu Jan  1 00:00:00 1970
From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH] stripper: Strip any PIE executables
Date: Wed, 06 Jul 2022 10:57:46 +0100
Message-ID: <8A4EB246-546C-428D-A538-B9D6BFB9CD62@ipfire.org>
In-Reply-To: <6ab33d7f-e35d-bd88-dbe7-d7b83036e899@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============6178387482617852853=="
List-Id: <development.lists.ipfire.org>

--===============6178387482617852853==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Good question. I did not even think about this.

I could not find many executables that fell into this category. Maybe about 1=
0. Out of those, dnsdist was the largest one - by far.

So I would say, it isn=E2=80=99t worth it except for dnsdist.

-Michael

> On 6 Jul 2022, at 10:56, Peter M=C3=BCller <peter.mueller(a)ipfire.org> wro=
te:
>=20
> Hello Michael,
>=20
> just a short follow-up question on this: Do we need to re-ship all affected=
 packages again?
> Or is it fine to let users benefit from stripped PIE executables when we up=
date affected
> components anyway?
>=20
> Thanks, and best regards,
> Peter M=C3=BCller
>=20
>=20
>> Reviewed-by: Peter M=C3=BCller <peter.mueller(a)ipfire.org>
>>=20
>>> Fixes: #12894
>>> Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
>>> ---
>>>   src/stripper | 4 ++++
>>>   1 file changed, 4 insertions(+)
>>>=20
>>> diff --git a/src/stripper b/src/stripper
>>> index fadbc514b..4014f03a4 100755
>>> --- a/src/stripper
>>> +++ b/src/stripper
>>> @@ -38,6 +38,10 @@ function _strip() {
>>>               args+=3D( "--strip-all" )
>>>               ;;
>>>   +        *Type:*"DYN (Position-Independent Executable file)"*)
>>> +            args+=3D( "--strip-all" )
>>> +            ;;
>>> +
>>>           # Binaries
>>>           *Type:*"EXEC (Executable file)"*)
>>>               args+=3D( "--strip-all" )


--===============6178387482617852853==--