Red Hat Bugzilla – Bug 428036
qimageblitz requires execstack
Last modified: 2008-02-16 16:02:46 EST
Description of problem:
Uness this program is a java or mono app it should not require execstack.
SELinux will not let it run with execstack.
wow, why on earth is it trying that?
There's 2 things likely to require execstack: 1. taking the address of a nested
function, 2. assembly files without the proper gnu_stack notes. I'll look into
This appears to be qimageblitz's fault. libqimageblitz.so.4.0.0 is marked as
having an executable stack. This appears to be due to the included asm_scale.S
which doesn't have a GNU_STACK note.
There may be other stuff marked as execstack though (hopefully not!), I don't
have a Rawhide system handy to do a full search of the ldd of systemsettings
for the RWE GNU_STACK notes.
Looks like Debian found this before we did, curse me for not looking at their
This should be fixed in Rawhide. If there's other libraries requiring
execstack, please open separate bugs for these.
I filed bug 428096 asking for an rpmlint check to catch this sort of issues so
that this hopefully doesn't happen again.
qimageblitz-0.0.4-0.3.svn706674.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
qimageblitz-0.0.4-0.3.svn706674.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
*** Bug 431786 has been marked as a duplicate of this bug. ***
Arrrgh, qimageblitz still has execstack set on x86_64. I'll explain why:
* CMakeLists.txt tests only if it can compile MMX before enabling asm_scale.S.
Of course, x86_64 can compile MMX.
* asm_scale.S itself elides almost all of the code if the following is false:
#if defined(__i386__) && ( defined(__GNUC__) || defined(__INTEL_COMPILER) )
* Thus, on x86_64, an almost empty asm_scale.S is compiled.
* The Debian patch adds the .note within that #ifdef, so it is missed on
I'll fix this ASAP.
Fixed in Rawhide. (I redid the noexecstack patch properly.) I ran readelf -l on
all the libqimageblitz.so.4.0.0 from all 4 architectures built in Koji and
they're all RW now (not RWE).
I'm pushing updates for the stable versions right now because this is both a
major annoyance for SELinux users and a potential security risk.
qimageblitz-0.0.4-0.4.svn706674.fc8 has been submitted as an update for Fedora 8
qimageblitz-0.0.4-0.4.svn706674.fc7 has been submitted as an update for Fedora 7
qimageblitz-0.0.4-0.4.svn706674.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
qimageblitz-0.0.4-0.4.svn706674.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
*** Bug 432762 has been marked as a duplicate of this bug. ***
*** Bug 433142 has been marked as a duplicate of this bug. ***