Bug 146590 - i386 libdv.so.4.0.1 is erroneously marked as requiring an executable stack
Summary: i386 libdv.so.4.0.1 is erroneously marked as requiring an executable stack
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: libdv (Show other bugs)
(Show other bugs)
Version: rawhide
Hardware: i386 Linux
medium
medium
Target Milestone: ---
Assignee: Warren Togami
QA Contact:
URL:
Whiteboard:
Keywords:
Depends On:
Blocks: FC4Blocker
TreeView+ depends on / blocked
 
Reported: 2005-01-30 04:53 UTC by Nicholas Miell
Modified: 2007-11-30 22:10 UTC (History)
0 users

Fixed In Version: 0.103-2
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-02-07 03:12:23 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Patch against the RPM .spec to mark libdv as noexecstack (1.23 KB, patch)
2005-01-30 04:53 UTC, Nicholas Miell
no flags Details | Diff
Patch assembler source with .note.GNU-stack sections (3.34 KB, patch)
2005-01-30 08:36 UTC, Nicholas Miell
no flags Details | Diff

Description Nicholas Miell 2005-01-30 04:53:24 UTC
On i386 systms, /usr/lib/libdv.so.4.0.1 is erroneously marked as requiring an
executable stack. This is because it uses several assembler source files that do
not contain a .note.GNU-stack section indicating that an exectuable stack is
unnecessary. As a result, any application which links to libdv.so.4 has an
executable stack. This is a security risk.

This can be fixed by either:
a) adding appropriate .note.GNU-stack sections to each assembler file
b) linking with the "-z noexecstack" option
 or
c) running "execstack -c" on the final library

Attached is a patch to the .spec which implements option C.

Comment 1 Nicholas Miell 2005-01-30 04:53:24 UTC
Created attachment 110406 [details]
Patch against the RPM .spec to mark libdv as noexecstack

Comment 2 Warren Togami 2005-01-30 07:57:22 UTC
Ulrich Drepper said:
using the patch is not the best method
instead pass -Wa,--noexecstack to the compiler command line when compiling the
asm files
 alternative add
         .section        .note.GNU-stack,"",@progbits
to bottom of each x86 asm file

Nicholas thank you for your notification of this issue.  It will be fixed in FC4
soon.

Comment 3 Warren Togami 2005-01-30 08:05:40 UTC
Test Procedure
--------------
<foo> once you made the changes, verify that readelf -l libdv.so |grep GNU_STACK
shows something like
<foo>       0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RW  0x8
<foo> note the RW at the end, not RWE

Comment 4 Nicholas Miell 2005-01-30 08:35:15 UTC
"execstack -q libdv.so" is easier, fwiw.

I've attached the patch that I submitted to upstream which does option A. It
won't apply unless you upgrade to something much more recent, but it's a start.

Comment 5 Nicholas Miell 2005-01-30 08:36:18 UTC
Created attachment 110408 [details]
Patch assembler source with .note.GNU-stack sections

Comment 6 Warren Togami 2005-02-07 03:12:23 UTC
Not yet able to upgrade to 0.104 due to Bug #147311.  Meanwhile I have
applied the .section changes to the x86 .S files in 0.103.


Note You need to log in before you can comment on or make changes to this bug.