Paul B. Mahol wrote:
On 11/26/08, Matthew Seaman <[EMAIL PROTECTED]> wrote:Matthew Seaman wrote:Kris Kennaway wrote:Bonus points if you come up with a patch to do this: in most cases it will be a simple matter of changing the port's do-install: target to use INSTALL_* macros instead of cp/bsdtar etc. This would be a good project to get some familiarity with the ports tree.Would it be worthwhile to add a test and warning that all installed binaries have not been stripped to the 'security-check' target in bsd.port.mk? That's not really what that target was intended for (feeping creaturism alert!) but it's the obvious place to put such a test. Probably cleaner to create a whole new target, but that's going to duplicate some code. Hmmmm... I shall work up some patches, probably over the weekend, so there's something substantive to talk about.Done: ports/129210 For the record, I also discovered that, contrary to what I said earlier, there is apparently one class of binary object that will not work correctly if stripped: kernel loadable modules.Kernel loadable modules are already stripped (--strip-debug).
KLDs aren't stripped in a way that file(1) recognises:happy-idiot-talk:/boot/kernel:% file if_em.ko if_em.ko: ELF 32-bit LSB shared object, Intel 80386, version 1 (FreeBSD), dynamically linked, not stripped
Unfortunately file(1) seems to be about the only tool available to test
a priori whether a binary object is stripped or not. It's possible
that objdump(1) or readelf(1) could do a similar thing, but I can't
work it out from those man pages.
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
Kent, CT11 9PW
signature.asc
Description: OpenPGP digital signature
