Bug 146590

Summary: i386 libdv.so.4.0.1 is erroneously marked as requiring an executable stack
Product: [Fedora] Fedora
Reporter: Nicholas Miell <nmiell>
Component: libdv
Assignee: Warren Togami <wtogami>
Status: CLOSED RAWHIDE
Severity: medium
Priority: medium    
Version: rawhide   
Hardware: i386   
OS: Linux   
Fixed In Version: 0.103-2
Doc Type: Bug Fix
Last Closed: 2005-02-07 03:12:23 UTC
Bug Blocks: 136450    
Attachments:
Patch against the RPM .spec to mark libdv as noexecstack (flags: none)
Patch assembler source with .note.GNU-stack sections (flags: none)

Description Nicholas Miell 2005-01-30 04:53:24 UTC
On i386 systems, /usr/lib/libdv.so.4.0.1 is erroneously marked as requiring an
executable stack. This is because it uses several assembler source files that do
not contain a .note.GNU-stack section indicating that an executable stack is
unnecessary. As a result, any application which links to libdv.so.4 has an
executable stack. This is a security risk.

This can be fixed by either:
a) adding appropriate .note.GNU-stack sections to each assembler file
b) linking with the "-z noexecstack" option
 or
c) running "execstack -c" on the final library

Attached is a patch to the .spec which implements option C.

Comment 1 Nicholas Miell 2005-01-30 04:53:24 UTC
Created attachment 110406
Patch against the RPM .spec to mark libdv as noexecstack

Comment 2 Warren Togami 2005-01-30 07:57:22 UTC
Ulrich Drepper said:
using the patch is not the best method
instead pass -Wa,--noexecstack to the compiler command line when compiling the
asm files
 alternative add
         .section        .note.GNU-stack,"",@progbits
to bottom of each x86 asm file

Nicholas, thank you for your notification of this issue.  It will be fixed in FC4
soon.

Comment 3 Warren Togami 2005-01-30 08:05:40 UTC
Test Procedure
--------------
<foo> once you made the changes, verify that readelf -l libdv.so |grep GNU_STACK
shows something like
<foo>       0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RW  0x8
<foo> note the RW at the end, not RWE
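
The check from the test procedure above, as an added example that is not part of the original bug report or of libdv: it reads the GNU_STACK program header straight from the ELF bytes, so a build system can gate on it without readelf or execstack installed. The function names and the constructed sample images are assumptions of this example, as is counting a missing header as executable.

```python
import struct

PT_GNU_STACK = 0x6474E551  # program header type readelf prints as GNU_STACK
PF_X, PF_W, PF_R = 1, 2, 4

def gnu_stack_flags(elf: bytes):
    """Return the GNU_STACK flags as readelf prints them ('RW', 'RWE'), or None if absent."""
    if elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    is64 = elf[4] == 2                    # EI_CLASS: 1 = ELF32, 2 = ELF64
    end = "<" if elf[5] == 1 else ">"     # EI_DATA: 1 = little endian
    if is64:
        (phoff,) = struct.unpack_from(end + "Q", elf, 0x20)
        phentsize, phnum = struct.unpack_from(end + "HH", elf, 0x36)
    else:
        (phoff,) = struct.unpack_from(end + "I", elf, 0x1C)
        phentsize, phnum = struct.unpack_from(end + "HH", elf, 0x2A)
    for i in range(phnum):
        off = phoff + i * phentsize
        (p_type,) = struct.unpack_from(end + "I", elf, off)
        if p_type == PT_GNU_STACK:
            # p_flags is at offset 4 in Elf64_Phdr and offset 24 in Elf32_Phdr
            (flags,) = struct.unpack_from(end + "I", elf, off + (4 if is64 else 24))
            return "".join(c for c, bit in (("R", PF_R), ("W", PF_W), ("E", PF_X)) if flags & bit)
    return None

def requires_exec_stack(elf: bytes) -> bool:
    """True if the object asks for an executable stack. A missing GNU_STACK header
    is counted as executable, the legacy i386 default (assumption of this example)."""
    flags = gnu_stack_flags(elf)
    return flags is None or "E" in flags

def sample_elf32(stack_flags=None) -> bytes:
    """Constructed input: i386 ET_DYN header plus an optional GNU_STACK entry."""
    phnum = 0 if stack_flags is None else 1
    ident = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)
    hdr = ident + struct.pack("<HHIIIIIHHHHHH", 3, 3, 1, 0, 52, 0, 0, 52, 32, phnum, 40, 0, 0)
    if stack_flags is None:
        return hdr
    return hdr + struct.pack("<8I", PT_GNU_STACK, 0, 0, 0, 0, 0, stack_flags, 4)

if __name__ == "__main__":
    for name, img in (("fixed", sample_elf32(PF_R | PF_W)),
                      ("unfixed", sample_elf32(PF_R | PF_W | PF_X)),
                      ("no header", sample_elf32())):
        print(name, gnu_stack_flags(img), requires_exec_stack(img))
```

To check a real library, pass the file contents, for example `requires_exec_stack(open(path, "rb").read())`.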

Comment 4 Nicholas Miell 2005-01-30 08:35:15 UTC
"execstack -q libdv.so" is easier, fwiw.

I've attached the patch that I submitted to upstream which does option A. It
won't apply unless you upgrade to something much more recent, but it's a start.

Comment 5 Nicholas Miell 2005-01-30 08:36:18 UTC
Created attachment 110408
Patch assembler source with .note.GNU-stack sections

Comment 6 Warren Togami 2005-02-07 03:12:23 UTC
Not yet able to upgrade to 0.104 due to Bug #147311.  Meanwhile I have
applied the .section changes to the x86 .S files in 0.103.