Bug 428036 - qimageblitz requires execstack
Summary: qimageblitz requires execstack
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: qimageblitz
Version: rawhide
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Kevin Kofler
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
: 431786 432762 433142 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-01-08 20:42 UTC by Daniel Walsh
Modified: 2008-02-16 21:02 UTC (History)
7 users (show)

Fixed In Version: 0.0.4-0.4.svn706674.fc8
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-02-13 04:57:20 UTC
Type: ---


Attachments (Terms of Use)

Description Daniel Walsh 2008-01-08 20:42:41 UTC
Description of problem:

Uness this program is a java or mono app it should not require execstack.

http://people.redhat.com/~drepper/selinux-mem.html

SELinux will not let it run with execstack.

Comment 1 Rex Dieter 2008-01-08 20:51:58 UTC
wow, why on earth is it trying that?

Comment 2 Kevin Kofler 2008-01-08 22:01:14 UTC
There's 2 things likely to require execstack: 1. taking the address of a nested 
function, 2. assembly files without the proper gnu_stack notes. I'll look into 
this ASAP.

Comment 3 Kevin Kofler 2008-01-08 23:09:46 UTC
This appears to be qimageblitz's fault. libqimageblitz.so.4.0.0 is marked as 
having an executable stack. This appears to be due to the included asm_scale.S 
which doesn't have a GNU_STACK note.

There may be other stuff marked as execstack though (hopefully not!), I don't 
have a Rawhide system handy to do a full search of the ldd of systemsettings 
for the RWE GNU_STACK notes.

Comment 4 Kevin Kofler 2008-01-08 23:21:42 UTC
Looks like Debian found this before we did, curse me for not looking at their 
patches.
This should be fixed in Rawhide. If there's other libraries requiring 
execstack, please open separate bugs for these.

Comment 5 Kevin Kofler 2008-01-09 07:27:49 UTC
I filed bug 428096 asking for an rpmlint check to catch this sort of issues so 
that this hopefully doesn't happen again.

Comment 6 Fedora Update System 2008-01-11 22:11:40 UTC
qimageblitz-0.0.4-0.3.svn706674.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 7 Fedora Update System 2008-01-11 22:22:51 UTC
qimageblitz-0.0.4-0.3.svn706674.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 8 Kevin Kofler 2008-02-07 03:04:43 UTC
*** Bug 431786 has been marked as a duplicate of this bug. ***

Comment 9 Kevin Kofler 2008-02-07 03:09:04 UTC
Arrrgh, qimageblitz still has execstack set on x86_64. I'll explain why:
* CMakeLists.txt tests only if it can compile MMX before enabling asm_scale.S. 
Of course, x86_64 can compile MMX.
* asm_scale.S itself elides almost all of the code if the following is false:
#if defined(__i386__) && ( defined(__GNUC__) || defined(__INTEL_COMPILER) )
* Thus, on x86_64, an almost empty asm_scale.S is compiled.
* The Debian patch adds the .note within that #ifdef, so it is missed on 
x86_64.

I'll fix this ASAP.

Comment 10 Kevin Kofler 2008-02-07 03:40:29 UTC
Fixed in Rawhide. (I redid the noexecstack patch properly.) I ran readelf -l on 
all the libqimageblitz.so.4.0.0 from all 4 architectures built in Koji and 
they're all RW now (not RWE).

I'm pushing updates for the stable versions right now because this is both a 
major annoyance for SELinux users and a potential security risk.

Comment 11 Fedora Update System 2008-02-07 03:54:48 UTC
qimageblitz-0.0.4-0.4.svn706674.fc8 has been submitted as an update for Fedora 8

Comment 12 Fedora Update System 2008-02-07 03:55:35 UTC
qimageblitz-0.0.4-0.4.svn706674.fc7 has been submitted as an update for Fedora 7

Comment 13 Fedora Update System 2008-02-13 04:57:17 UTC
qimageblitz-0.0.4-0.4.svn706674.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 14 Fedora Update System 2008-02-13 05:17:32 UTC
qimageblitz-0.0.4-0.4.svn706674.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 15 Kevin Kofler 2008-02-14 07:44:46 UTC
*** Bug 432762 has been marked as a duplicate of this bug. ***

Comment 16 Kevin Kofler 2008-02-16 21:02:46 UTC
*** Bug 433142 has been marked as a duplicate of this bug. ***


Note You need to log in before you can comment on or make changes to this bug.