[ATrpms-devel] libgcrypt selinux execstack
Axel Thimm
Axel.Thimm at ATrpms.net
Fri Jun 30 00:35:21 CEST 2006
On Thu, Jun 29, 2006 at 11:54:49AM -0700, Tim Fenn wrote:
> > In that case can we be certain that no executable stack is required
> > w/o reviewing the source (and in doing so the assembly GNU-stack
> > markers could be fixed, so no execstack -c is required at the end)?
> >
>
> In this case we'd have to audit the assembly code. o_O
>
> > Ubuntu seems to think similar and simply disables assembly:
> >
> > https://launchpad.net/distros/ubuntu/+source/libgcrypt11/+bug/49192
> >
>
> Well, further down the page is a patch that seems more reasonable, by
> telling the assembler to not set the executable stack bit. You
> basically go through all the .S files and append ".section
> .note.GNU-stack,"",@progbits" to each. Alternatively, just add
> "-Wa,--execstack" to the build options.

Yes, but that's after one is certain that the asm code doesn't really
need it (which it most probably doesn't, but one cannot blindly assume
it).

Hm, I guess maybe this needs to be brought to the gpg people's
notice. After all they wrote it. :)
--
Axel.Thimm at ATrpms.net