Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 377559 - dev-lang/ekopath: upstream needs to fix atomic-cxx.S to remove RWX GNU STACK
Summary: dev-lang/ekopath: upstream needs to fix atomic-cxx.S to remove RWX GNU STACK
Status: RESOLVED TEST-REQUEST
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Science Related Packages
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-08-03 14:13 UTC by Anthony Basile
Modified: 2014-05-22 17:38 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Anthony Basile gentoo-dev 2011-08-03 14:13:53 UTC
I just added some code to ekopath-4.0.10_pre20110728.ebuild so ekopath works with a pax enabled kernel.  The fixes are applied unconditionally since they are safe on pax or vanilla systems.  I did not rev bump because there's no need to force those who already have ekopath to re-emerge.  I did not address ekopath-4.0.10_pre20110717-r1.ebuild, but the same issues might be there.

Two fixes:

a) Remove mprotect form the installer.  Since the installer doesn't persist on the system, this really doesn't represent any serious degradation of security.

b) I removed X bit from GNU STACK phdr leaving it only RW on libstl.so.  This addresses one QA issue, but the other remaining one is with the static lib, libstd.a, which still has an RWX GNU STACK due to atomic-cxx.S.  This needs to be fixed upstream since we don't have the source.  Its a QA problem on any gentoo system.

The fix to the assembly is probably as simple as Section 6 in http://www.gentoo.org/proj/en/hardened/gnu-stack.xml, but not having the asm in front of us, its not clear.



Reproducible: Always
Comment 1 Sébastien Fabbro (RETIRED) gentoo-dev 2014-05-22 17:38:42 UTC
current version 5.0.1_pre20131115 does not seem to be affected. re-open if so.
thanks.