Project

General

Profile

Actions

Feature #20621

open

Check libruby.so hardening by annocheck

Added by vo.x (Vit Ondruch) 6 months ago. Updated 5 months ago.

Status:
Open
Assignee:
-
Target version:
-
[ruby-core:118520]

Description

As part of #18061, there was implemented annocheck test case. However, the test covers just ruby (which is just thin shell), while leaves out libruby.so (which contains most of the Ruby code). This PR tries to improve that:

https://github.com/ruby/ruby/pull/11123

BTW the question is if all *.so files or even all *.o files should be covered.

Updated by jaruga (Jun Aruga) 5 months ago

BTW the question is if all *.so files or even all *.o files should be covered.

I agree on covering all the .so files. I am not sure if we cover the ".o" files. However, I think that can be after the PR https://github.com/ruby/ruby/pull/11123 adding only libruby.so is merged. I would like a small step approach.

Updated by jaruga (Jun Aruga) 5 months ago

The libruby.so was added to the annocheck test by the PR https://github.com/ruby/ruby/pull/11324. I am not sure if we can close this ticket due to the PR.

By the way, if we add other so and *.o files to the test, it's better to fix some failures that are currently skipped by the --skip-pie --skip-gaps options below.

https://github.com/ruby/ruby/blob/53f3036bf9becda911dba1e9e1823aceb97b3d9a/.github/workflows/annocheck.yml#L57-L60
https://github.com/ruby/ruby/actions/runs/10285685378/job/28464546087?pr=11324#step:10:100

+ /usr/bin/docker run --rm -t ruby-fedora-annocheck-copy annocheck --verbose --skip-pie --skip-gaps ruby libruby.so.3.4.0
Actions

Also available in: Atom PDF

Like0
Like0Like0