Bug 146589 - i386 libFLAC.so.4 is erroneously marked as requiring an executable stack
i386 libFLAC.so.4 is erroneously marked as requiring an executable stack
Product: Fedora
Classification: Fedora
Component: flac (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Bastien Nocera
Depends On:
  Show dependency treegraph
Reported: 2005-01-29 23:41 EST by Nicholas Miell
Modified: 2007-11-30 17:10 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-04-17 08:09:40 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Patch against the RPM .spec to mark libFLAC as noexecstack (1.35 KB, patch)
2005-01-29 23:41 EST, Nicholas Miell
no flags Details | Diff

  None (edit)
Description Nicholas Miell 2005-01-29 23:41:11 EST
On i386 systms, /usr/lib/libFLAC.so.4.1.2 is erroneously marked as requiring an
executable stack. This is because it uses several assembler source files that do
not contain a .note.GNU-stack section indicating that an exectuable stack is
unnecessary. As a result, any application which links to libFLAC.so.4 has an
executable stack. This is a security risk.

This can be fixed by either:
a) adding appropriate .note.GNU-stack sections to each assembler file
b) linking with the "-z noexecstack" option
c) running "execstack -c" on the final library

Attached is a patch which implements option C.
Comment 1 Nicholas Miell 2005-01-29 23:41:11 EST
Created attachment 110405 [details]
Patch against the RPM .spec to mark libFLAC as noexecstack
Comment 2 Colin Walters 2005-01-31 20:10:59 EST
Did you double-check that the included assembly actually does not require an
executable stack?  It probably doesn't, but I'm nervous about applying this
patch without at least a glance from an x86 assembler guru.
Comment 3 Nicholas Miell 2005-01-31 21:12:42 EST
I didn't, but I seriously doubt that they need an executable stack.
Programatically generating code is difficult enough without doing it in assembly.

I am not an x86 assembler guru, but my quick overview didn't find anything
Comment 4 Colin Walters 2005-02-02 12:41:41 EST
I had a guru look over it, he agreed.  

Unfortunately though, "prelink" and hence execstack isn't available in
our buildroots.  

I'm going to try emailing upstream to get them to add the
.note.GNU-stack thing; unfortunately the only samples I have of that
are for gnu as, not nasm.
Comment 5 Nicholas Miell 2005-02-02 17:37:49 EST
Ah, I was hoping that the "don't use execstack" advice (in another bug) was just
bad form, not an outright impossibility.

I don't think NASM supports the directives necessary to actually add the right
kind of .note.GNU-stack section, so you're left with the option of modifying the
final libFLAC.so link with "-z noexecstack".
Comment 6 Bastien Nocera 2007-04-17 05:29:55 EDT
Nicholas, is this still a problem with flac 1.1.4?
Comment 7 Matthias Clasen 2007-04-17 07:37:11 EDT
Doesn't look like it:

[mclasen@localhost ~]$ execstack /usr/lib/libFLAC.so.8
- /usr/lib/libFLAC.so.8
Comment 8 Bastien Nocera 2007-04-17 08:09:40 EDT
Excellent, thanks Matthias.

Note You need to log in before you can comment on or make changes to this bug.