Bug 146590 - i386 libdv.so.4.0.1 is erroneously marked as requiring an executable stack
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: libdv
Version: rawhide
Hardware: i386 Linux
Priority: medium, Severity: medium
Assigned To: Warren Togami
Blocks: FC4Blocker
Reported: 2005-01-29 23:53 EST by Nicholas Miell
Modified: 2007-11-30 17:10 EST
Fixed In Version: 0.103-2
Doc Type: Bug Fix
Last Closed: 2005-02-06 22:12:23 EST
Attachments
Patch against the RPM .spec to mark libdv as noexecstack (1.23 KB, patch)
2005-01-29 23:53 EST, Nicholas Miell
Patch assembler source with .note.GNU-stack sections (3.34 KB, patch)
2005-01-30 03:36 EST, Nicholas Miell
Description Nicholas Miell 2005-01-29 23:53:24 EST
On i386 systems, /usr/lib/libdv.so.4.0.1 is erroneously marked as requiring an
executable stack. This is because it uses several assembler source files that do
not contain a .note.GNU-stack section indicating that an executable stack is
unnecessary. As a result, any application which links to libdv.so.4 has an
executable stack. This is a security risk.

This can be fixed by either:
a) adding appropriate .note.GNU-stack sections to each assembler file
b) linking with the "-z noexecstack" option
 or
c) running "execstack -c" on the final library

Attached is a patch to the .spec which implements option C.
Comment 1 Nicholas Miell 2005-01-29 23:53:24 EST
Created attachment 110406 [details]
Patch against the RPM .spec to mark libdv as noexecstack
Comment 2 Warren Togami 2005-01-30 02:57:22 EST
Ulrich Drepper said:
using the patch is not the best method
instead pass -Wa,--noexecstack to the compiler command line when compiling the
asm files
 alternative add
         .section        .note.GNU-stack,"",@progbits
to bottom of each x86 asm file

Nicholas, thank you for your notification of this issue.  It will be fixed in FC4
soon.
Comment 3 Warren Togami 2005-01-30 03:05:40 EST
Test Procedure
--------------
<foo> once you made the changes, verify that readelf -l libdv.so |grep GNU_STACK
shows something like
<foo>       0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RW  0x8
<foo> note the RW at the end, not RWE
Comment 4 Nicholas Miell 2005-01-30 03:35:15 EST
"execstack -q libdv.so" is easier, fwiw.

I've attached the patch that I submitted to upstream which does option A. It
won't apply unless you upgrade to something much more recent, but it's a start.
Comment 5 Nicholas Miell 2005-01-30 03:36:18 EST
Created attachment 110408 [details]
Patch assembler source with .note.GNU-stack sections
Comment 6 Warren Togami 2005-02-06 22:12:23 EST
Not yet able to upgrade to 0.104 due to Bug #147311.  Meanwhile I have
applied the .section changes to the x86 .S files in 0.103.
