= Proposed System Wide Change: Annobin = https://fedoraproject.org/wiki/Changes/Annobin
Change owner(s): * Nick Clifton <nickc AT redhat DOT com>
This change causes extra information to be stored in binary files compiled by gcc. This information can be used by scripts to check on various features of the file, such as the hardening options used of potential ABI conflicts.
== Detailed Description ==
The plan is to use a plugin to gcc to record extra information in the object files it creates. This information can then be examined by static analysis tools. The information is recorded in a compact, extensible format, described here: https://fedoraproject.org/wiki/Toolchain/Watermark
The Fedora annobin package is an implementation of the plugin for gcc. It also includes some example scripts that demonstrate how the recorded information can be used to, for example, check that an executable has been compiled with the correct hardening options, or detect if any conflicting ABI options have been used when compiling various parts of the executable.
To enable this change it is proposed that the redhat-rpm-config package should be extended to add the "-fplugin=annobin" option to the __global_compiler-flags macro. In theory such a change will be completely invisible to Fedora users but should prove to be very helpful to Fedora Release Management, assuming that they like the idea of these annotated binaries.
== Scope == * Proposal owners: Make sure the annobin plugin is ready.
* Other developers: An update is needed to the redhat-rpm-config package in order for the plugin to be invoked when gcc is used to compile programs, and to add a dependency upon the annobin package.
* Release engineering: https://pagure.io/releng/issue/7069 - Coordination with release engineering is needed. - A mass rebuild will be required.
* List of deliverables: All delivered images are affected, however there no changes to the list it self.
* Policies and guidelines: No updates needed
* Trademark approval: N/A (not needed for this Change)
To enable this change it is proposed that the redhat-rpm-config package should be extended to add the "-fplugin=annobin" option to the __global_compiler-flags macro. In theory such a change will be completely invisible to Fedora users but should prove to be very helpful to Fedora Release Management, assuming that they like the idea of these annotated binaries.
One desired effect of this change is that we will have a way to quickly spot binaries which were not compiled with the redhat-rpm-config compiler flags, so this has the side effect that we might contemplate packaging changes for those packages which are not coupled to redhat-rpm-config yet.
Thanks, Florian
Once upon a time, Jan Kurik jkurik@redhat.com said:
This change causes extra information to be stored in binary files compiled by gcc. This information can be used by scripts to check on various features of the file, such as the hardening options used of potential ABI conflicts.
One thing that is not mentioned: how much information is stored in the binaries? How much larger will the resulting binaries be?
Would it be possible to include this in the debuginfo, rather than the binaries? It would seem that this additional data has a small area of interest, but will increase storage and transfer for everybody.
On 09/27/2017 03:11 PM, Chris Adams wrote:
Once upon a time, Jan Kurik jkurik@redhat.com said:
This change causes extra information to be stored in binary files compiled by gcc. This information can be used by scripts to check on various features of the file, such as the hardening options used of potential ABI conflicts.
One thing that is not mentioned: how much information is stored in the binaries? How much larger will the resulting binaries be?
Nick should be able to provide some statistics. It's designed to be very small.
Would it be possible to include this in the debuginfo, rather than the binaries?
Debuginfo packages are only available for bulk download after a compose. They are not available for the buildroots. This makes it more difficult to see, in a timely fashion, if changes to the build process have the intended effect.
Thanks, Florian
On 09/27/2017 03:11 PM, Chris Adams wrote:
One thing that is not mentioned: how much information is stored in the binaries? How much larger will the resulting binaries be?
We currently see a size increase of about 1% per actually annotated executable or DSO in Fedora rawhide.
(But not everything which should be annotated currently is.)
Thanks, Florian
On Wed, Sep 27, 2017 at 02:43:50PM +0200, Jan Kurik wrote:
= Proposed System Wide Change: Annobin = https://fedoraproject.org/wiki/Changes/Annobin
Change owner(s):
- Nick Clifton <nickc AT redhat DOT com>
This change causes extra information to be stored in binary files compiled by gcc. This information can be used by scripts to check on various features of the file, such as the hardening options used of potential ABI conflicts.
== Detailed Description ==
The plan is to use a plugin to gcc to record extra information in the object files it creates. This information can then be examined by static analysis tools. The information is recorded in a compact, extensible format, described here: https://fedoraproject.org/wiki/Toolchain/Watermark
When this, or a similar proposal was made a while back on this list, I asked how this would affect other languages which don't use the GCC code generator and/or aren't affected by the usual C/C++ design problems that require hardening. OCaml, Haskell, and any LLVM language including C/C++ would be included in that list. I don't see any mention of that in this proposal.
Rich.
devel@lists.stg.fedoraproject.org
-
Chris Adams -
Florian Weimer -
Jan Kurik -
Richard W.M. Jones