Bug 678818 - i686 libSDL marked having executable stack
Summary: i686 libSDL marked having executable stack
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: SDL
Version: 14
Hardware: i686
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Petr Pisar
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
: allow_execstack (view as bug list)
Depends On:
Blocks: 669844
TreeView+ depends on / blocked
 
Reported: 2011-02-19 22:24 UTC by Mario Blättermann
Modified: 2014-10-05 14:30 UTC (History)
7 users (show)

Fixed In Version: SDL-1.2.14-10.fc14
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-03-03 03:26:32 UTC


Attachments (Terms of Use)
Ooops same problem with Firefox (132.32 KB, image/png)
2012-04-19 17:04 UTC, Mikhail
no flags Details


Links
System ID Priority Status Summary Last Updated
SDL Simple Directmedia Layer 1152 None None None Never

Description Mario Blättermann 2011-02-19 22:24:41 UTC
Description of problem:
After the last software update, I'm unable to open wxGTK based applications. This affects for example Audacity, Poedit and Kicad on my system.

Version-Release number of selected component (if applicable):

$ rpm -qi SDL
Name        : SDL                      Relocations: (not relocatable)
Version     : 1.2.14                   Vendor: Fedora Project
Release     : 9.fc14                   Build Date: Fr 18 Feb 2011 13:59:37 CET
Install Date: Sa 19 Feb 2011 18:31:35 CET
Build Host: x86-03.phx2.fedoraproject.org

How reproducible:
Launch a wxGTK application


Actual results:
The following error message appears:

$ poedit
poedit: error while loading shared libraries: libSDL-1.2.so.0: cannot enable executable stack as shared object requires: Permission denied

$ audacity
audacity: error while loading shared libraries: libSDL-1.2.so.0: cannot enable executable stack as shared object requires: Permission denied


Expected results:
I would expect to start the application, of course...

Additional info:

Comment 1 Petr Pisar 2011-02-21 16:15:34 UTC
I'm not aware about any changes in SDL that could introduce this change.

Both previous and current version have the stack marked as unexecutable. More ever it works for me.

Can you read section <http://www.crypt.gen.nz/selinux/faq.html#CP.19> and check tour library of permission for stack (e.g. by execstack -q). Are you sure that downgrading SDL to previous version dismiss the problem?

Comment 2 Petr Pisar 2011-02-22 10:38:40 UTC
Bellow are unpacked packages downloaded from koji and no executable bit on stack segment is set:

$ scanelf --header  SDL-1.2.14-{8,9}.fc14.x86_64/usr/lib64/libSDL-1.2.so.0.11.3 
 TYPE   STK/REL/PTL FILE 
ET_DYN RW- --- RW- SDL-1.2.14-8.fc14.x86_64/usr/lib64/libSDL-1.2.so.0.11.3 
ET_DYN RW- --- RW- SDL-1.2.14-9.fc14.x86_64/usr/lib64/libSDL-1.2.so.0.11.3 

However it's visible on i686 build:

$ scanelf --header  SDL-1.2.14-{8,9}.fc14.i686/usr/lib/libSDL-1.2.so.0
 TYPE   STK/REL/PTL FILE 
ET_DYN RW- --- RW- SDL-1.2.14-8.fc14.i686/usr/lib/libSDL-1.2.so.0 
ET_DYN RWX --- RW- SDL-1.2.14-9.fc14.i686/usr/lib/libSDL-1.2.so.0

AFAIK i686 architecture has no executable protection in CPU implemented so the marker is just informative.

I guess somebody changed tool chain in F14. I will check it.

Comment 3 Petr Pisar 2011-02-22 12:07:43 UTC
 TYPE   STK/REL/PTL FILE 
ET_DYN RW- --- RW- SDL-1.2.14-9.fc13.i686/usr/lib/libSDL-1.2.so.0 
ET_DYN RW- --- RW- SDL-1.2.14-8.fc14.i686/usr/lib/libSDL-1.2.so.0 
ET_DYN RWX --- RW- SDL-1.2.14-8.fc14.i686-rebuild/usr/lib/libSDL-1.2.so.0 
ET_DYN RWX --- RW- SDL-1.2.14-9.fc14.i686/usr/lib/libSDL-1.2.so.0 
ET_DYN RWX --- RW- SDL-1.2.14-11.fc16.i686/usr/lib/libSDL-1.2.so.0

The SDL-1.2.14-8.fc14.i686-rebuild (http://koji.fedoraproject.org/koji/taskinfo?taskID=2857019) built from the same sources as SDL-1.2.14-8.fc14.i686 differ in the bit. So it looks like a tool chain issue.

Comment 4 Hicham HAOUARI 2011-02-22 23:24:47 UTC
Same issue here, gnash can't be run at all on i686 due to this

Comment 5 Kevin Kofler 2011-02-23 16:11:36 UTC
I think we need this regression addressed before pushing any SDL update.

I suspect a regression or an incompatible change in NASM. The good build was done with nasm-2.08.01-2.fc14, the bad one with nasm-2.09.03-2.fc14. Documented changes: http://www.nasm.us/doc/nasmdocc.html

Comment 6 Kevin Kofler 2011-02-23 16:15:25 UTC
While we really need to get NASM fixed since this can also affect other packages (in fact, at least one package in a third-party repository has a workaround for what's probably the same issue), could we try using YASM instead, which appears to be SDL upstream's preferred choice?

Comment 7 Petr Pisar 2011-02-23 17:34:39 UTC
*** Bug 652297 has been marked as a duplicate of this bug. ***

Comment 8 Petr Pisar 2011-02-24 09:51:49 UTC
nasm-2.08.02-1.fc14.i686 passes.
nasm-2.09-1.fc14.i686 produces affected objects.

Comment 9 Petr Pisar 2011-02-24 13:17:11 UTC
I found it. Newer nasm will not define `__OUTPUT_FORMAT__' macro as `elf', but as `elf32' if invoked as `nasm -f elf'. This is due to `elf' became alias for `elf32' in nasm-2.09:

  Short aliases \c{win}, \c{elf} and \c{macho} for output formats are
  introduced.  Each stands for \c{win32}, \c{elf32} and \c{macho32}
  accordingly.

I guess SDL sources should be patched to write:

  %ifidn __OUTPUT_FORMAT__,elf32
  section .note.GNU-stack noalloc noexec nowrite progbits
  %endif

instead of

  %ifidn __OUTPUT_FORMAT__,elf
  section .note.GNU-stack noalloc noexec nowrite progbits
  %endif

Comment 10 Fedora Update System 2011-02-25 09:59:36 UTC
SDL-1.2.14-11.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/SDL-1.2.14-11.fc15

Comment 11 Fedora Update System 2011-02-25 10:01:54 UTC
SDL-1.2.14-10.fc14 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/SDL-1.2.14-10.fc14

Comment 12 Fedora Update System 2011-02-25 10:02:16 UTC
SDL-1.2.14-10.fc13 has been submitted as an update for Fedora 13.
https://admin.fedoraproject.org/updates/SDL-1.2.14-10.fc13

Comment 13 Fedora Update System 2011-02-25 23:17:20 UTC
SDL-1.2.14-11.fc15 has been pushed to the Fedora 15 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update SDL'.  You can provide feedback for this update here: https://admin.fedoraproject.org/updates/SDL-1.2.14-11.fc15

Comment 14 Fedora Update System 2011-03-03 03:26:18 UTC
SDL-1.2.14-11.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 15 Fedora Update System 2011-03-07 21:00:33 UTC
SDL-1.2.14-10.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 16 Fedora Update System 2011-03-07 21:01:50 UTC
SDL-1.2.14-10.fc14 has been pushed to the Fedora 14 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 17 Mikhail 2012-04-19 17:04:37 UTC
Created attachment 578707 [details]
Ooops same problem with Firefox

Comment 18 Petr Pisar 2012-04-20 07:42:58 UTC
(In reply to comment #17)
> Created attachment 578707 [details]
> Ooops same problem with Firefox

I'm not aware that Firefox would use SDL library. Even SDL is is supposed to be fixed now. You should report your issue against Firefox component and provide all necessary details like Firefox package version.


Note You need to log in before you can comment on or make changes to this bug.