Bug 428096
| Summary: | [RFE] rpmlint should warn about execstack in ELF files | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Kevin Kofler <kevin> |
| Component: | rpmlint | Assignee: | Ville Skyttä <ville.skytta> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | rawhide | CC: | tmz |
| Target Milestone: | --- | Keywords: | FutureFeature |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | 0.83-1.fc9 | Doc Type: | Enhancement |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2008-06-26 08:30:02 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Kevin Kofler
2008-01-09 07:26:34 UTC
Sounds like a good idea. Can you suggest a name for this warning/error and the contents of the info message, and/or do you have a link where lintian's output for this can be looked at? From shared-libs.desc in Lintian 1.23.42: Tag: shlib-without-PT_GNU_STACK-section Type: error Info: The listed shared libraries lacks a PT_GNU_STACK section. This forces the dynamic linker to make the stack executable. . The shared lib is linked either with a non-GNU linker or a linker which is older than two years. This problem can be fixed with a rebuild. Tag: shlib-with-executable-stack Type: warning Info: The listed shared libraries declares the stack as executable. . Executable stack is usualy an error as it is only needed if the code contains GCC trampolines or similar constructs which uses code on the stack. One possible source for false positives are object files built from assembler files which don't define a proper .note.GNU-stack section. (They aren't checking this for executables, but the same issue applies to executables too.) Implemented upstream: http://rpmlint.zarb.org/cgi-bin/trac.cgi/changeset/1395 I have a question about the executable-stack message: is the message correct in saying that missing .note.GNU-stack sections in assembler files are a source for *false* positives or do such cases actually result in executable stack? They actually do result in an executable stack. It's a "false positive" in the sense that the executable doesn't really need an executable stack, but still ends up with one. The "false positive" is in the toolchain, it's a true positive in rpmlint. I'm not sure how to best word it, the wording from lintian is confusing. Ok, a hopefully improved explanation is now upstream: http://rpmlint.zarb.org/cgi-bin/trac.cgi/changeset/1396 rpmlint-0.83-1.fc9 has been submitted as an update for Fedora 9 rpmlint-0.83-1.fc8 has been submitted as an update for Fedora 8 rpmlint-0.83-1.fc8 has been pushed to the Fedora 8 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update rpmlint'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F8/FEDORA-2008-5185 rpmlint-0.83-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report. rpmlint-0.83-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report. |