optimized GResource embedding has side-effects: executable stack and extra symbols
I'm currently looking at updating Debian's GTK 4 to v4.6.
The build speedups starting in commit d7e117f5 seem to have had a couple of undesired side-effects:
- Some extra symbols starting with
_binary_gtk_gtk_gresource
and_gtk
get exported, despite the use of-fvisibility=hidden
- The library ends up marked as requiring an executable stack, which weakens security hardening for any program linked to it
Perhaps the objcopy magic could be adjusted to avoid those?
Or perhaps the fast path could be an optional thing, which can speed up incremental developer builds but isn't used in production builds from scratch where the slow path has a proportionally less significant time cost?
Edited by Simon McVittie