[ruby-core:118520] [Ruby master Feature#20621] Check libruby.so hardening by annocheck
Issue #20621 has been reported by vo.x (Vit Ondruch). ---------------------------------------- Feature #20621: Check libruby.so hardening by annocheck https://bugs.ruby-lang.org/issues/20621 * Author: vo.x (Vit Ondruch) * Status: Open ---------------------------------------- As part of #18061, there was implemented annocheck test case. However, the test covers just `ruby` (which is just thin shell), while leaves out `libruby.so` (which contains most of the Ruby code). This PR tries to improve that: https://github.com/ruby/ruby/pull/11123 BTW the question is if all *.so files or even all *.o files should be covered. -- https://bugs.ruby-lang.org/
Issue #20621 has been updated by jaruga (Jun Aruga).
BTW the question is if all *.so files or even all *.o files should be covered.
I agree on covering all the *.so files. I am not sure if we cover the "*.o" files. However, I think that can be after the PR https://github.com/ruby/ruby/pull/11123 adding only libruby.so is merged. I would like a small step approach. ---------------------------------------- Feature #20621: Check libruby.so hardening by annocheck https://bugs.ruby-lang.org/issues/20621#change-109209 * Author: vo.x (Vit Ondruch) * Status: Open ---------------------------------------- As part of #18061, there was implemented annocheck test case. However, the test covers just `ruby` (which is just thin shell), while leaves out `libruby.so` (which contains most of the Ruby code). This PR tries to improve that: https://github.com/ruby/ruby/pull/11123 BTW the question is if all *.so files or even all *.o files should be covered. -- https://bugs.ruby-lang.org/
Issue #20621 has been updated by jaruga (Jun Aruga). The libruby.so was added to the annocheck test by the PR <https://github.com/ruby/ruby/pull/11324>. I am not sure if we can close this ticket due to the PR. By the way, if we add other so and *.o files to the test, it's better to fix some failures that are currently skipped by the `--skip-pie --skip-gaps` options below. https://github.com/ruby/ruby/blob/53f3036bf9becda911dba1e9e1823aceb97b3d9a/.... https://github.com/ruby/ruby/actions/runs/10285685378/job/28464546087?pr=113... ``` + /usr/bin/docker run --rm -t ruby-fedora-annocheck-copy annocheck --verbose --skip-pie --skip-gaps ruby libruby.so.3.4.0 ``` ---------------------------------------- Feature #20621: Check libruby.so hardening by annocheck https://bugs.ruby-lang.org/issues/20621#change-109363 * Author: vo.x (Vit Ondruch) * Status: Open ---------------------------------------- As part of #18061, there was implemented annocheck test case. However, the test covers just `ruby` (which is just thin shell), while leaves out `libruby.so` (which contains most of the Ruby code). This PR tries to improve that: https://github.com/ruby/ruby/pull/11123 BTW the question is if all *.so files or even all *.o files should be covered. -- https://bugs.ruby-lang.org/
participants (2)
-
jaruga (Jun Aruga) -
vo.x (Vit Ondruch)