Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 253963 - dev-libs/ffcall - QA Notice: The following files contain writable and executable sections
Summary: dev-libs/ffcall - QA Notice: The following files contain writable and executa...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Unspecified (show other bugs)
Hardware: AMD64 Linux
: High QA (vote)
Assignee: No maintainer - Look at https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers if you want to take care of it
URL:
Whiteboard:
Keywords:
: 459710 (view as bug list)
Depends on:
Blocks: 459890
  Show dependency tree
 
Reported: 2009-01-06 11:02 UTC by Arvid Norlander
Modified: 2014-12-14 12:02 UTC (History)
5 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
patch to explicitly mark stacks (ffcall-stack-markings.patch,82.83 KB, patch)
2013-09-12 16:53 UTC, Markus Walter
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Arvid Norlander 2009-01-06 11:02:43 UTC
When emerging dev-libs/ffcall-1.10 (as a dependency of clisp) I noticed this message:

 * QA Notice: The following files contain executable stacks
 *  Files with executable stacks will not work properly (or at all!)
 *  on some architectures/operating systems.  A bug should be filed
 *  at http://bugs.gentoo.org/ to make sure the file is fixed.
 *  For more information, see http://hardened.gentoo.org/gnu-stack.xml
 *  Please include the following list of files in your report:
 * !WX --- --- usr/lib64/libavcall.a:avcall.o
 * !WX --- --- usr/lib64/libvacall.a:vacall.o
 * !WX --- --- usr/lib64/libcallback.a:vacall.o

Since it told me to file a bug I have here done so.

Reproducible: Always

Steps to Reproduce:
1. emerge =dev-libs/ffcall-1.10

Actual Results:  
Displays the above mentioned message before installing.

Expected Results:  
It shouldn't display that message.

# emerge --info
Portage 2.1.6.4 (default/linux/amd64/2008.0/desktop, gcc-4.1.2, glibc-2.6.1-r0, 2.6.27-gentoo-r7 x86_64)
=================================================================
System uname: Linux-2.6.27-gentoo-r7-x86_64-AMD_Sempron-tm-_Processor_3300+-with-glibc2.2.5
Timestamp of tree: Tue, 06 Jan 2009 10:30:01 +0000
ccache version 2.4 [disabled]
app-shells/bash:     3.2_p39
dev-java/java-config: 1.3.7-r1, 2.1.6-r1
dev-lang/python:     2.5.2-r7
dev-python/pycrypto: 2.0.1-r6
dev-util/ccache:     2.4-r7
dev-util/cmake:      2.6.2-r1
sys-apps/baselayout: 1.12.11.1
sys-apps/sandbox:    1.2.18.1-r2
sys-devel/autoconf:  2.13, 2.63
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.2
sys-devel/binutils:  2.18-r3
sys-devel/gcc-config: 1.4.0-r4
sys-devel/libtool:   1.5.26
virtual/os-headers:  2.6.27-r2
ACCEPT_KEYWORDS="amd64"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=k8 -pipe -O2"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/config /var/bind"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c /etc/udev/rules.d"
CXXFLAGS="-march=k8 -pipe -O2"
DISTDIR="/usr/portage/distfiles"
FEATURES="distlocks fixpackages parallel-fetch protect-owned sandbox sfperms strict unmerge-orphans userfetch userpriv usersandbox"
GENTOO_MIRRORS="http://gentoo.ynet.sk/pub http://ftp.ds.karen.hj.se/gentoo/ http://ftp.snt.utwente.nl/pub/os/linux/gentoo ftp://ftp.ds.karen.hj.se/gentoo/ http://mirror.muntinternet.net/pub/gentoo/ http://ftp.ing.umu.se/linux/gentoo/ http://mirror.gentoo.no/ http://mirrors.sec.informatik.tu-darmstadt.de/gentoo/ http://ftp.uni-erlangen.de/pub/mirrors/gentoo ftp://ftp.linux.ee/pub/gentoo/distfiles/"
LINGUAS="en en_GB sv sv_SE"
MAKEOPTS="-j1"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage/crossdev-overlay /usr/local/portage/cpan-overlay /usr/local/portage/nethack-overlay /usr/local/portage/generic-overlay"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="3dnow 3dnowext X acl acpi alsa amd64 audiofile bash-completion berkdb bzip2 cairo caps ccache cdb cddb cdr cli cracklib crypt cups curl dbus dri dvd dvdr dvdread emacs emboss encode evo exif expat fam fastcgi fbcon firefox flac fontconfig foomaticdb fortran gd gdbm geoip gif glep gmp gnutls gpm gstreamer gtk iconv idea idn ieee1394 imlib iproute2 ipv6 isdnlog javascript joystick jpeg jpeg2k kde kdeenablefinal kdehiddenvisibility kqemu lcms lm_sensors logrotate loop-aes lyx mad mbox midi mikmod mmap mmx mmxext mng mono mozdevelop mp3 mpeg mudflap multilib mysqli ncurses nls nodrm nptl nptlonly nsplugin objc ogg openexr opengl pam pcre pdf perl pg-intdatetime php physfs pic png ppds pppd python qt3 qt3support qt4 quicktime readline reflection rle sasl scanner sdl session sndfile spell spl sqlite sse sse2 ssl startup-notification svg sysfs tcl tcpd tiff tk truetype unicode usb utempter vorbis webdav-serf xcomposite xorg xpm xulrunner xv zlib zsh-completion" ALSA_CARDS="emu10k1 loopback seq-dummy dummy" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="keyboard mouse joystick evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en en_GB sv sv_SE" USERLAND="GNU" VIDEO_CARDS="ati radeon vesa fbdev r128 nv nvidia"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 1 Daniel Santos 2009-03-24 02:45:34 UTC
ffcall-1.10-r2 as well, and I have some additional output (note last two lines)

 * QA Notice: The following files contain executable stacks
 *  Files with executable stacks will not work properly (or at all!)
 *  on some architectures/operating systems.  A bug should be filed
 *  at http://bugs.gentoo.org/ to make sure the file is fixed.
 *  For more information, see http://hardened.gentoo.org/gnu-stack.xml
 *  Please include the following list of files in your report:
 *  Note: Bugs should be filed for the respective maintainers
 *  of the package in question and not hardened@
 * !WX --- --- usr/lib64/libavcall.a:avcall-x86_64.o
 * !WX --- --- usr/lib64/libvacall.a:vacall.o
 * !WX --- --- usr/lib64/libcallback.a:vacall-x86_64.o
 * RWX --- --- usr/lib64/libavcall.so.0.0.0
 * RWX --- --- usr/lib64/libcallback.so.0.0.0
Comment 2 Kirikaza 2010-05-02 17:43:24 UTC
There are execstacks on x86 too.
Comment 3 Markus Walter 2013-02-02 09:59:56 UTC
I think this makes the tests fail on hardened, I get the following error:

/var/tmp/portage/dev-libs/ffcall-1.10-r3/work/clisp-2.41/ffcall/avcall/.libs/lt-minitests: error while loading shared libraries: libavcall.so.0: cannot enable executable stack as shared object requires: Permission denied

This possibly means that the entire package is broken on hardened (as mentioned in the qa warning).
Comment 4 Vicente Olivert Riera (RETIRED) gentoo-dev 2013-03-21 22:14:14 UTC
*** Bug 459710 has been marked as a duplicate of this bug. ***
Comment 5 Markus Walter 2013-09-12 16:53:14 UTC
Created attachment 358550 [details, diff]
patch to explicitly mark stacks

Hi, I followed the hardened guide on stack markings and applied the attached patch, which successfully removed the executable stacks. Yeah!
Comment 6 Sergei Trofimovich (RETIRED) gentoo-dev 2014-12-14 11:17:42 UTC
I've went ahead with slightly less invasive patch:

> *ffcall-1.10-r5 (14 Dec 2014)
>
>  14 Dec 2014; Sergei Trofimovich <slyfox@gentoo.org> +ffcall-1.10-r5.ebuild:
>  Respect CFLAGS/LDFLAGS (bug #334581), mark noexecstack (bug #253963). Thanks
>  to w0rm for the report.

Thanks guys!