Bug 146589 - i386 libFLAC.so.4 is erroneously marked as requiring an executable stack
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: flac
Version: rawhide
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Bastien Nocera
Reported: 2005-01-30 04:41 UTC by Nicholas Miell
Modified: 2007-11-30 22:10 UTC (History)
Doc Type: Bug Fix
Last Closed: 2007-04-17 12:09:40 UTC

Attachments
Patch against the RPM .spec to mark libFLAC as noexecstack (1.35 KB, patch)
2005-01-30 04:41 UTC, Nicholas Miell

Description Nicholas Miell 2005-01-30 04:41:11 UTC
On i386 systems, /usr/lib/libFLAC.so.4.1.2 is erroneously marked as requiring an
executable stack. This is because it uses several assembler source files that do
not contain a .note.GNU-stack section indicating that an executable stack is
unnecessary. As a result, any application which links to libFLAC.so.4 has an
executable stack. This is a security risk.

This can be fixed by either:
a) adding appropriate .note.GNU-stack sections to each assembler file
b) linking with the "-z noexecstack" option
 or
c) running "execstack -c" on the final library

Attached is a patch which implements option C.

Comment 1 Nicholas Miell 2005-01-30 04:41:11 UTC
Created attachment 110405 [details]
Patch against the RPM .spec to mark libFLAC as noexecstack

Comment 2 Colin Walters 2005-02-01 01:10:59 UTC
Did you double-check that the included assembly actually does not require an
executable stack?  It probably doesn't, but I'm nervous about applying this
patch without at least a glance from an x86 assembler guru.

Comment 3 Nicholas Miell 2005-02-01 02:12:42 UTC
I didn't, but I seriously doubt that they need an executable stack.
Programmatically generating code is difficult enough without doing it in assembly.

I am not an x86 assembler guru, but my quick overview didn't find anything
suspicious.

Comment 4 Colin Walters 2005-02-02 17:41:41 UTC
I had a guru look over it, he agreed.  

Unfortunately though, "prelink" and hence execstack isn't available in
our buildroots.  

I'm going to try emailing upstream to get them to add the
.note.GNU-stack thing; unfortunately the only samples I have of that
are for gnu as, not nasm.

Comment 5 Nicholas Miell 2005-02-02 22:37:49 UTC
Ah, I was hoping that the "don't use execstack" advice (in another bug) was just
bad form, not an outright impossibility.

I don't think NASM supports the directives necessary to actually add the right
kind of .note.GNU-stack section, so you're left with the option of modifying the
final libFLAC.so link with "-z noexecstack".

Comment 6 Bastien Nocera 2007-04-17 09:29:55 UTC
Nicholas, is this still a problem with flac 1.1.4?

Comment 7 Matthias Clasen 2007-04-17 11:37:11 UTC
Doesn't look like it:

[mclasen@localhost ~]$ execstack /usr/lib/libFLAC.so.8
- /usr/lib/libFLAC.so.8


Comment 8 Bastien Nocera 2007-04-17 12:09:40 UTC
Excellent, thanks Matthias.

