Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-8303

annocheck reports that no compiled code found for thin_metadata_pack and thin_metadata_unpack binaries

XMLWordPrintable

    • None
    • Important
    • rhel-sst-logical-storage
    • ssg_filesystems_storage_and_HA
    • 1
    • Dev ack
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • If docs needed, set a value
    • None

      Description of problem:

      Attempting to test if thin_metadata_pack|thin_metadata_unpack binaries were properly built with stack protection via -fstack-protector-strong yields skip: stack-prot test because no compiled code found.

      Version-Release number of selected component (if applicable):

      RHEL-9.0 packages:
      device-mapper-persistent-data-0.9.0-12.el9.x86_64
      annobin-annocheck-10.54-2.el9.x86_64

      RHEL-9.2 packages:
      device-mapper-persistent-data-0.9.0-13.el9.x86_64
      annobin-annocheck-10.73-3.el9.x86_64

      How reproducible:

      Deterministic.

      Steps to Reproduce:
      1. dnf install -y annobin-annocheck device-mapper-persistent-data
      2. dnf debuginfo-install -y device-mapper-persistent-data
      3. rpm -ql device-mapper-persistent-data | grep /usr/sbin/ | while read f ; do test -L $f || echo $f ; done | xargs – annocheck --verbose --skip-all --test-stack-prot

      Actual results:

      RHEL-9.0
      annocheck: Version 10.54.
      Hardened: /usr/sbin/pdata_tools: PASS: stack-prot test
      Hardened: /usr/sbin/pdata_tools: Overall: PASS.
      Hardened: /usr/sbin/thin_metadata_pack: info: assembler built by GCC detected - treating as pure assembler.
      Hardened: /usr/sbin/thin_metadata_pack: skip: stack-prot test because no compiled code found
      Hardened: /usr/sbin/thin_metadata_pack: Overall: PASS.
      Hardened: /usr/sbin/thin_metadata_unpack: info: assembler built by GCC detected - treating as pure assembler.
      Hardened: /usr/sbin/thin_metadata_unpack: skip: stack-prot test because no compiled code found
      Hardened: /usr/sbin/thin_metadata_unpack: Overall: PASS.

      RHEL-9.2
      annocheck: Version 10.73.
      Hardened: /usr/sbin/pdata_tools: PASS: stack-prot test
      Hardened: /usr/sbin/pdata_tools: Overall: PASS.
      Hardened: /usr/sbin/thin_metadata_pack: info: assembler built by GCC detected - treating as pure assembler.
      Hardened: /usr/sbin/thin_metadata_pack: PASS: stack-prot test
      Hardened: /usr/sbin/thin_metadata_pack: Overall: PASS.
      Hardened: /usr/sbin/thin_metadata_unpack: info: assembler built by GCC detected - treating as pure assembler.
      Hardened: /usr/sbin/thin_metadata_unpack: skip: stack-prot test because no compiled code found
      Hardened: /usr/sbin/thin_metadata_unpack: Overall: PASS.

      Expected results:
      No "skip: stack-prot test because no compiled code found" on binaries.

      Additional info:

      Adding Nick to Cc in case this turns out to be an issue in annocheck itself.

              mcsontos@redhat.com Marian Csontos
              ggasparb Gabriel Gaspar Becker
              Marian Csontos Marian Csontos
              Filip Suba Filip Suba
              Votes:
              0 Vote for this issue
              Watchers:
              13 Start watching this issue

                Created:
                Updated: