Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. GnuPG>
  3. gcrypt
executable stack in libgcrypt
Axel.Thimm at ATrpms
Jul 1, 2006, 3:41 PM
Post #1 of 3 (2027 views)
Permalink
Hi,

libgcrypt with asm marks the object and library as requiring
executable stack. On systems with enforced selinux policy this breaks
w/o special rules. Therefore some distributions (for instance Fedora
and Ubuntu) simply turn off asm at build time (--disable-asm).

The question is whether executable stack is needed, which it probably
doesn't. But only a code review of the asm code can tell for sure, or
the very authors of libgcrypt :)

If the asm code does not need executable stack it should contain
something like

.section .note.GNU-stack, "", @progbits

to mark the resulting object file as not needing it.

Thanks!
--
Axel.Thimm at ATrpms.net
Re: executable stack in libgcrypt [ In reply to ]
wk at gnupg
Jul 3, 2006, 8:31 AM
Post #2 of 3 (1881 views)
Permalink
On Sun, 2 Jul 2006 00:41, Axel Thimm said:

> libgcrypt with asm marks the object and library as requiring
> executable stack. On systems with enforced selinux policy this breaks

Please check the configure options as well as the mail archiove from
the last few weeks.

> .section .note.GNU-stack, "", @progbits

This is not portable as it relies on the GNU as. Thus we require for
now a configure switch.


Salam-Shalom,

Werner


_______________________________________________
Gcrypt-devel mailing list
Gcrypt-devel@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gcrypt-devel
Re: executable stack in libgcrypt [ In reply to ]
Axel.Thimm at ATrpms
Jul 4, 2006, 5:10 PM
Post #3 of 3 (1884 views)
Permalink
On Mon, Jul 03, 2006 at 05:31:48PM +0200, Werner Koch wrote:
> On Sun, 2 Jul 2006 00:41, Axel Thimm said:
>
> > libgcrypt with asm marks the object and library as requiring
> > executable stack. On systems with enforced selinux policy this breaks
>
> Please check the configure options as well as the mail archiove from
> the last few weeks.

Thanks, I found the configure switch (although nothing in the
archives, maybe on another gnupg.org list?)

> > .section .note.GNU-stack, "", @progbits
>
> This is not portable as it relies on the GNU as. Thus we require for
> now a configure switch.

It breaks with binutils 2.11.93.0.2, 2.13.90.0.2 and 2.13.90.0.18 (no
warning and 2x errors out). Would these versions support the .section
construct?
--
Axel.Thimm at ATrpms.net

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal