[Pkg-giraffe-discuss] Hardening inside Kopanocore and additional needing (New at Kopano / familiar with Debian packaging)

[Jan Engelhardt]

On Friday 2017-07-28 16:26, Carsten Schoenert wrote:

>Hello Jan,
>
>Am 26.07.2017 um 23:41 schrieb Jan Engelhardt:
>> 
>> On Wednesday 2017-07-26 22:28, Guido Günther wrote:
>>>
>>> It would be great if you could check upstream what side effects our
>>> current patch would have. I think we should at least remove
>>> ec_relocate_fd as well.
>> 
>> The fd relocation was done because there were - and maybe still are -
>> libraries which still use select(2) and for which we need to keep
>> the low region 0..1023 free.
>
>ahh yes! Jan, as you are one with the deepest knowledge of the internal
>usage of symbols from other libraries, can you please give some advice
>which libraries are potentially candidates here?

Potential candidates could be *every* component kopano-server uses.
It only takes a bug or an "unfortunate decision" in a software or in
a package build description and poll(2) won't be detected or won't be
enabled, making a system library fall back to select. Examples

 * poll (or any other feature) being opt-in rather than opt-out,
   and no --enable-poll was specified
 * poll.h or sys/poll.h not found during configure run
 * configure only checking for one of the poll headers...


I vaguely remember hearing "openldap-client" back in the ZCP days,
though checking that now points to version 2.2.30 (2005) being the
last one that offered just select.

libs3 (all versions thru 4.1) is known to unconditionally use select
all the time.