Bug 428036 - qimageblitz requires execstack
qimageblitz requires execstack
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: qimageblitz (Show other bugs)
rawhide
All Linux
low Severity low
: ---
: ---
Assigned To: Kevin Kofler
Fedora Extras Quality Assurance
: Reopened
: 431786 432762 433142 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-01-08 15:42 EST by Daniel Walsh
Modified: 2008-02-16 16:02 EST (History)
7 users (show)

See Also:
Fixed In Version: 0.0.4-0.4.svn706674.fc8
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-02-12 23:57:20 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Daniel Walsh 2008-01-08 15:42:41 EST
Description of problem:

Uness this program is a java or mono app it should not require execstack.

http://people.redhat.com/~drepper/selinux-mem.html

SELinux will not let it run with execstack.
Comment 1 Rex Dieter 2008-01-08 15:51:58 EST
wow, why on earth is it trying that?
Comment 2 Kevin Kofler 2008-01-08 17:01:14 EST
There's 2 things likely to require execstack: 1. taking the address of a nested 
function, 2. assembly files without the proper gnu_stack notes. I'll look into 
this ASAP.
Comment 3 Kevin Kofler 2008-01-08 18:09:46 EST
This appears to be qimageblitz's fault. libqimageblitz.so.4.0.0 is marked as 
having an executable stack. This appears to be due to the included asm_scale.S 
which doesn't have a GNU_STACK note.

There may be other stuff marked as execstack though (hopefully not!), I don't 
have a Rawhide system handy to do a full search of the ldd of systemsettings 
for the RWE GNU_STACK notes.
Comment 4 Kevin Kofler 2008-01-08 18:21:42 EST
Looks like Debian found this before we did, curse me for not looking at their 
patches.
This should be fixed in Rawhide. If there's other libraries requiring 
execstack, please open separate bugs for these.
Comment 5 Kevin Kofler 2008-01-09 02:27:49 EST
I filed bug 428096 asking for an rpmlint check to catch this sort of issues so 
that this hopefully doesn't happen again.
Comment 6 Fedora Update System 2008-01-11 17:11:40 EST
qimageblitz-0.0.4-0.3.svn706674.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 7 Fedora Update System 2008-01-11 17:22:51 EST
qimageblitz-0.0.4-0.3.svn706674.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 8 Kevin Kofler 2008-02-06 22:04:43 EST
*** Bug 431786 has been marked as a duplicate of this bug. ***
Comment 9 Kevin Kofler 2008-02-06 22:09:04 EST
Arrrgh, qimageblitz still has execstack set on x86_64. I'll explain why:
* CMakeLists.txt tests only if it can compile MMX before enabling asm_scale.S. 
Of course, x86_64 can compile MMX.
* asm_scale.S itself elides almost all of the code if the following is false:
#if defined(__i386__) && ( defined(__GNUC__) || defined(__INTEL_COMPILER) )
* Thus, on x86_64, an almost empty asm_scale.S is compiled.
* The Debian patch adds the .note within that #ifdef, so it is missed on 
x86_64.

I'll fix this ASAP.
Comment 10 Kevin Kofler 2008-02-06 22:40:29 EST
Fixed in Rawhide. (I redid the noexecstack patch properly.) I ran readelf -l on 
all the libqimageblitz.so.4.0.0 from all 4 architectures built in Koji and 
they're all RW now (not RWE).

I'm pushing updates for the stable versions right now because this is both a 
major annoyance for SELinux users and a potential security risk.
Comment 11 Fedora Update System 2008-02-06 22:54:48 EST
qimageblitz-0.0.4-0.4.svn706674.fc8 has been submitted as an update for Fedora 8
Comment 12 Fedora Update System 2008-02-06 22:55:35 EST
qimageblitz-0.0.4-0.4.svn706674.fc7 has been submitted as an update for Fedora 7
Comment 13 Fedora Update System 2008-02-12 23:57:17 EST
qimageblitz-0.0.4-0.4.svn706674.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 14 Fedora Update System 2008-02-13 00:17:32 EST
qimageblitz-0.0.4-0.4.svn706674.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 15 Kevin Kofler 2008-02-14 02:44:46 EST
*** Bug 432762 has been marked as a duplicate of this bug. ***
Comment 16 Kevin Kofler 2008-02-16 16:02:46 EST
*** Bug 433142 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.