[ATrpms-devel] libgcrypt selinux execstack

Axel Thimm Axel.Thimm at ATrpms.net
Thu Jun 29 12:41:13 CEST 2006


On Thu, Jun 29, 2006 at 03:16:12AM -0700, Tim Fenn wrote:
> On Thu, Jun 29, 2006 at 11:47:09AM +0200, Axel Thimm wrote:
> > On Wed, Jun 28, 2006 at 01:17:02PM -0700, Tim Fenn wrote:
> > > Hi Axel:
> > > 
> > > It seems like you've already been informed of at least one library
> > > with an execstack problem:
> > > 
> > > http://www.redhat.com/archives/fedora-selinux-list/2006-May/msg00024.html
> > > 
> > > But I've noticed libgcrypt11 also has similar problems
> > > (libgcrypt11-1.2.2-11.rhfc5.at, in my case), with the unfortunate side
> > > effect of killing any daemons that try to use it in enforcing mode and
> > > execstack checked.
> > 
> > Have you tried using execstack -s? If that works, then I'll package it
> > in.
> 
> If by execstack -s you mean execstack -c, then yes, it does fix the
> problem.  ;)

Indeed this is what is recommended, but I don't understand it, -c
marks the binary as not requiring execstack, so that means that during
the build process the toolchain got confused as to whether execstack
is needed or not (due to unmarked assembly)?

https://www.redhat.com/archives/fedora-devel-list/2005-March/msg00460.html

In that case can we be certain that no executable stack is required
w/o reviewing the source (and in doing so the assembly GNU-stack
markers could be fixed, so no execstack -c is required at the end)?

Ubuntu seems to think similarly and simply disables assembly:

https://launchpad.net/distros/ubuntu/+source/libgcrypt11/+bug/49192

> Sorry - I should have made note of that in my OP.
> 
> (BTW, do you prefer I just report these sorts of things in bugzilla?)

bugzilla is nice as a reminder of things to do/fix and is a good URL
pointer, but not as a discussion ground - it certainly has more the
color of PM than a list discussion. I'd say it depends on the poster.

Maybe the best is doing both, e.g. file a bugzilla report and notify
the list, so whoever is interested can go to the bug report.
-- 
Axel.Thimm at ATrpms.net
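
Added example, not part of the original message: the marking that `execstack -c` clears is the PF_X bit in an object's PT_GNU_STACK program header, and this Python sketch reads that bit so a package's libraries can be checked after a build. It reports only what the file declares, not whether the code actually needs an executable stack; `sample_elf64` is a constructed test input, not a real library.

```python
import struct

PT_GNU_STACK = 0x6474E551  # program header type that carries the stack permissions
PF_X = 0x1                 # "executable" bit in p_flags

def stack_marking(data: bytes) -> str:
    """Return 'exec', 'noexec' or 'missing' for an ELF image's PT_GNU_STACK header."""
    if data[:4] != b"\x7fELF" or len(data) < 6:
        raise ValueError("not an ELF image")
    is64 = {1: False, 2: True}.get(data[4])     # EI_CLASS
    endian = {1: "<", 2: ">"}.get(data[5])      # EI_DATA
    if is64 is None or endian is None:
        raise ValueError("unknown ELF class or byte order")
    if len(data) < (64 if is64 else 52):
        raise ValueError("truncated ELF header")
    if is64:
        (phoff,) = struct.unpack_from(endian + "Q", data, 0x20)
        phentsize, phnum = struct.unpack_from(endian + "HH", data, 0x36)
        flags_off = 4    # p_flags follows p_type in Elf64_Phdr
    else:
        (phoff,) = struct.unpack_from(endian + "I", data, 0x1C)
        phentsize, phnum = struct.unpack_from(endian + "HH", data, 0x2A)
        flags_off = 24   # p_flags is the seventh field in Elf32_Phdr
    for i in range(phnum):
        base = phoff + i * phentsize
        if base + flags_off + 4 > len(data):
            raise ValueError("truncated program header table")
        (p_type,) = struct.unpack_from(endian + "I", data, base)
        if p_type == PT_GNU_STACK:
            (p_flags,) = struct.unpack_from(endian + "I", data, base + flags_off)
            return "exec" if p_flags & PF_X else "noexec"
    # No marker at all: the loader falls back to the architecture default.
    return "missing"

def sample_elf64(p_type: int, p_flags: int) -> bytes:
    """Constructed input: little-endian ELF64 header plus a single program header."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH",
                               3, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", p_type, p_flags, 0, 0, 0, 0, 0, 0x10)
    return ehdr + phdr

if __name__ == "__main__":
    for label, img in (("RWE stack", sample_elf64(PT_GNU_STACK, 7)),
                       ("RW stack", sample_elf64(PT_GNU_STACK, 6)),
                       ("no marker", sample_elf64(1, 5))):
        print(label, "->", stack_marking(img))
```

A result of `exec` or `missing` on a shared library is the case worth tracing back to unmarked assembly sources before clearing the flag.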