Fedora 40 Looking To Change Linker To Error Out On Security Issues
A change proposal currently under discussion for Fedora 40 would change the toolchain's BFD linker to error out on potential security issues. Currently the BFD linker emits warnings on potential security problems, but the F40 proposal is to error out instead, so the program being built will fail to link when it hits a recognized security issue.
The Fedora 40 change proposal would be affecting the behavior of:
- The creation of a program containing a stack that is in a memory region that has execute permission.
- The creation of a program with a loadable segment that has all three of the read, write and execute permission bits set.
- The creation of a thread local storage segment that has the execute permission bit set.
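All three conditions are recorded in an ELF file's program headers, so an already-built binary can be checked for them. The following Python check is an added example, not code from the Fedora proposal or the linker; `audit_elf` and `build_sample` are hypothetical names, it assumes 64-bit little-endian ELF, and the sample images are constructed, header-only inputs.

```python
import struct

PT_LOAD, PT_TLS, PT_GNU_STACK = 1, 7, 0x6474E551  # program header types
PF_X, PF_W, PF_R = 1, 2, 4                        # segment permission bits
RWX = PF_R | PF_W | PF_X

def audit_elf(data):
    """Return findings for the three conditions in a 64-bit LE ELF image."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("expected a 64-bit little-endian ELF file")
    (e_phoff,) = struct.unpack_from("<Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    findings = []
    for i in range(e_phnum):
        # p_type and p_flags are the first two 32-bit fields of Elf64_Phdr.
        p_type, p_flags = struct.unpack_from("<II", data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK and p_flags & PF_X:
            findings.append(f"segment {i}: stack is executable")
        elif p_type == PT_LOAD and (p_flags & RWX) == RWX:
            findings.append(f"segment {i}: LOAD segment is readable, writable and executable")
        elif p_type == PT_TLS and p_flags & PF_X:
            findings.append(f"segment {i}: TLS segment is executable")
    # Assumption: a file with no PT_GNU_STACK header at all is not evaluated here.
    return findings

def build_sample(segments):
    """Constructed input: an ELF header followed only by program headers."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    header = ident + struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0,
                                 64, 56, len(segments), 0, 0, 0)
    phdrs = b"".join(struct.pack("<IIQQQQQQ", t, f, 0, 0, 0, 0, 0, 0x1000)
                     for t, f in segments)
    return header + phdrs

if __name__ == "__main__":
    samples = {
        "hardened": [(PT_LOAD, PF_R | PF_X), (PT_LOAD, PF_R | PF_W),
                     (PT_GNU_STACK, PF_R | PF_W)],
        "flagged": [(PT_LOAD, RWX), (PT_TLS, PF_R | PF_X), (PT_GNU_STACK, RWX)],
    }
    for name, segments in samples.items():
        print(name, audit_elf(build_sample(segments)))
```

On a real system, `readelf -lW` on the binary prints the same program headers and their flags.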
Since fewer developers and users pay attention to warnings than to a show-stopping error, the intention for Fedora 40 is to raise those warnings to errors in the BFD linker.
Per the Fedora 40 change proposal:
The benefit of this change is that it will increase the overall security of Fedora by helping to ensure that packages cannot be built with one or more of these vulnerabilities without the owner being made aware and having to take specific actions - either to remove the vulnerability or disable the linker error message.
More details for those interested are available via the Fedora Wiki. The Fedora Engineering and Steering Committee (FESCo) still needs to vote on the change before it can potentially become a feature of Fedora 40 in the spring.