I am working on bumping this package to the latest release and while the package installed without any problems, I did notice this in the emerge log.

 * QA Notice: The following files contain writable and executable sections
 * Files with such sections will not work properly (or at all!) on some
 * architectures/operating systems. A bug should be filed at
 * https://bugs.gentoo.org/ to make sure the issue is fixed.
 * For more information, see:
 *
 * https://wiki.gentoo.org/wiki/Hardened/GNU_stack_quickstart
 *
 * Please include the following list of files in your report:
 * Note: Bugs should be filed for the respective maintainers
 * of the package in question and not hardened@g.o.
 * RWX --- --- usr/sbin/zerotier-one
overlay-devel ~ # file $(which zerotier-one)
/usr/sbin/zerotier-one: ELF 64-bit LSB shared object, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, stripped
Please prepare a PR with your fix and contact the Proxy team on IRC if you get stuck.
https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers
gentoo-devel ~ # scanelf -lpqe
RWX --- --- /usr/sbin/zerotier-one
gentoo-devel ~ # readelf -S /usr/sbin/zerotier-one
There are 28 section headers, starting at offset 0x138dc0:

Section Headers:
[Nr] Name Type Address Offset Size EntSize Flags Link Info Align
[ 0] NULL 0000000000000000 00000000 0000000000000000 0000000000000000 0 0 0
[ 1] .interp PROGBITS 0000000000000238 00000238 000000000000001c 0000000000000000 A 0 0 1
[ 2] .note.ABI-tag NOTE 0000000000000254 00000254 0000000000000020 0000000000000000 A 0 0 4
[ 3] .gnu.hash GNU_HASH 0000000000000278 00000278 00000000000000b8 0000000000000000 A 4 0 8
[ 4] .dynsym DYNSYM 0000000000000330 00000330 0000000000001530 0000000000000018 A 5 1 8
[ 5] .dynstr STRTAB 0000000000001860 00001860 0000000000001665 0000000000000000 A 0 0 1
[ 6] .gnu.version VERSYM 0000000000002ec6 00002ec6 00000000000001c4 0000000000000002 A 4 0 2
[ 7] .gnu.version_r VERNEED 0000000000003090 00003090 0000000000000180 0000000000000000 A 5 4 8
[ 8] .rela.dyn RELA 0000000000003210 00003210 0000000000001ff8 0000000000000018 A 4 0 8
[ 9] .rela.plt RELA 0000000000005208 00005208 0000000000001158 0000000000000018 AI 4 24 8
[10] .init PROGBITS 0000000000006360 00006360 0000000000000017 0000000000000000 AX 0 0 4
[11] .plt PROGBITS 0000000000006380 00006380 0000000000000ba0 0000000000000010 AX 0 0 16
[12] .plt.got PROGBITS 0000000000006f20 00006f20 0000000000000018 0000000000000008 AX 0 0 8
[13] .text PROGBITS 0000000000006f40 00006f40 00000000000ec512 0000000000000000 AX 0 0 32
[14] .fini PROGBITS 00000000000f3454 000f3454 0000000000000009 0000000000000000 AX 0 0 4
[15] .rodata PROGBITS 00000000000f3460 000f3460 000000000002d820 0000000000000000 A 0 0 32
[16] .eh_frame_hdr PROGBITS 0000000000120c80 00120c80 0000000000001d0c 0000000000000000 A 0 0 4
[17] .eh_frame PROGBITS 0000000000122990 00122990 000000000000d0d8 0000000000000000 A 0 0 8
[18] .gcc_except_table PROGBITS 000000000012fa68 0012fa68 000000000000623c 0000000000000000 A 0 0 4
[19] .init_array INIT_ARRAY 00000000003369f0 001369f0 00000000000000e0 0000000000000008 WA 0 0 8
[20] .fini_array FINI_ARRAY 0000000000336ad0 00136ad0 0000000000000008 0000000000000008 WA 0 0 8
[21] .jcr PROGBITS 0000000000336ad8 00136ad8 0000000000000008 0000000000000000 WA 0 0 8
[22] .data.rel.ro PROGBITS 0000000000336ae0 00136ae0 0000000000000c78 0000000000000000 WA 0 0 32
[23] .dynamic DYNAMIC 0000000000337758 00137758 0000000000000250 0000000000000010 WA 5 0 8
[24] .got PROGBITS 00000000003379a8 001379a8 0000000000000648 0000000000000008 WA 0 0 8
[25] .data PROGBITS 0000000000338000 00138000 0000000000000cc8 0000000000000000 WA 0 0 32
[26] .bss NOBITS 0000000000338ce0 00138cc8 0000000000010250 0000000000000000 WA 0 0 32
[27] .shstrtab STRTAB 0000000000000000 00138cc8 00000000000000f6 0000000000000000 0 0 1
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings), I (info),
L (link order), O (extra OS processing required), G (group), T (TLS),
C (compressed), x (unknown), o (OS specific), E (exclude),
l (large), p (processor specific)

Also, -Wl,-z,noexecstack is already appended to the ld-flags.
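Added example, not part of the bug thread or of the ZeroTier or Gentoo code: the QA notice links to the GNU stack quickstart, and that marking is stored in the PT_GNU_STACK program header, which a section listing from `readelf -S` does not print (`readelf -lW` does). The sketch below reads that header from an ELF64 image; `build_sample`, `needs_qa_report` and the sample bytes are constructed for illustration.

```python
import struct

PT_LOAD, PT_GNU_STACK = 1, 0x6474E551
PF_X, PF_W, PF_R = 1, 2, 4

def gnu_stack_flags(elf: bytes):
    """Return PT_GNU_STACK permissions as 'RWX'-style text, or None if absent."""
    if elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    if elf[4] != 2:
        raise ValueError("this example only handles ELF64")
    end = "<" if elf[5] == 1 else ">"          # EI_DATA: 1 = little-endian
    (e_phoff,) = struct.unpack_from(end + "Q", elf, 0x20)
    e_phentsize, e_phnum = struct.unpack_from(end + "HH", elf, 0x36)
    for i in range(e_phnum):
        # Elf64_Phdr starts with p_type (u32) followed by p_flags (u32).
        p_type, p_flags = struct.unpack_from(end + "II", elf, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            return "".join(ch if p_flags & bit else "-"
                           for ch, bit in (("R", PF_R), ("W", PF_W), ("X", PF_X)))
    return None  # no marking: the kernel/loader default applies

def build_sample(stack_flags):
    """Constructed ELF64 image: file header, one PT_LOAD, optional PT_GNU_STACK."""
    phdrs = [(PT_LOAD, PF_R | PF_X)]
    if stack_flags is not None:
        phdrs.append((PT_GNU_STACK, stack_flags))
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)
    header = ident + struct.pack("<HHIQQQIHHHHHH", 3, 62, 1, 0, 64, 0, 0,
                                 64, 56, len(phdrs), 64, 0, 0)
    table = b"".join(struct.pack("<IIQQQQQQ", t, f, 0, 0, 0, 0, 0, 16)
                     for t, f in phdrs)
    return header + table

def needs_qa_report(elf: bytes) -> bool:
    """True when the stack marking is both writable and executable."""
    flags = gnu_stack_flags(elf)
    return flags is not None and "W" in flags and "X" in flags

if __name__ == "__main__":
    for label, flags in (("RWX", PF_R | PF_W | PF_X), ("RW", PF_R | PF_W), ("absent", None)):
        img = build_sample(flags)
        print(label, gnu_stack_flags(img), needs_qa_report(img))
```

To check an installed binary, pass the bytes of the file (for example `open(path, "rb").read()`) to `gnu_stack_flags`.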
Upstream is aware of this problem and has supposedly resolved it in v1.2.10.

> This is fixed in 1.2.10, just tagged. We might not do binaries for this one though since there are two more bugs set to die shortly.

https://github.com/zerotier/ZeroTierOne/issues/762
The latest version (1.2.10) contains the same issue.
I may need some help on this.

gentoo-devel ~ # zerotier-one -V
ZeroTier One version 1.2.10
Copyright (c) 2011-2018 ZeroTier, Inc.
This is free software: you may copy, modify, and/or distribute this
work under the terms of the GNU General Public License, version 3 or
later as published by the Free Software Foundation.
No warranty expressed or implied.

Usage: zerotier-one [-switches] [home directory]

Available switches:
-h - Display this help
-v - Show version
-U - Skip privilege check and do not attempt to drop privileges
-p<port> - Port for UDP and TCP/HTTP (default: 9993, 0 for random)
-d - Fork and run as daemon (Unix-ish OSes)
-i - Generate and manage identities (zerotier-idtool)
-q - Query API (zerotier-cli)

gentoo-devel ~ # scanelf -lpqe
RWX --- --- /usr/sbin/zerotier-one
gentoo-devel ~ # readelf -S /usr/sbin/zerotier-one
There are 28 section headers, starting at offset 0x138dc0:

Section Headers:
[Nr] Name Type Address Offset Size EntSize Flags Link Info Align
[ 0] NULL 0000000000000000 00000000 0000000000000000 0000000000000000 0 0 0
[ 1] .interp PROGBITS 0000000000000238 00000238 000000000000001c 0000000000000000 A 0 0 1
[ 2] .note.ABI-tag NOTE 0000000000000254 00000254 0000000000000020 0000000000000000 A 0 0 4
[ 3] .gnu.hash GNU_HASH 0000000000000278 00000278 00000000000000b8 0000000000000000 A 4 0 8
[ 4] .dynsym DYNSYM 0000000000000330 00000330 0000000000001530 0000000000000018 A 5 1 8
[ 5] .dynstr STRTAB 0000000000001860 00001860 0000000000001665 0000000000000000 A 0 0 1
[ 6] .gnu.version VERSYM 0000000000002ec6 00002ec6 00000000000001c4 0000000000000002 A 4 0 2
[ 7] .gnu.version_r VERNEED 0000000000003090 00003090 0000000000000180 0000000000000000 A 5 4 8
[ 8] .rela.dyn RELA 0000000000003210 00003210 0000000000001ff8 0000000000000018 A 4 0 8
[ 9] .rela.plt RELA 0000000000005208 00005208 0000000000001158 0000000000000018 AI 4 24 8
[10] .init PROGBITS 0000000000006360 00006360 0000000000000017 0000000000000000 AX 0 0 4
[11] .plt PROGBITS 0000000000006380 00006380 0000000000000ba0 0000000000000010 AX 0 0 16
[12] .plt.got PROGBITS 0000000000006f20 00006f20 0000000000000018 0000000000000008 AX 0 0 8
[13] .text PROGBITS 0000000000006f40 00006f40 00000000000ec512 0000000000000000 AX 0 0 32
[14] .fini PROGBITS 00000000000f3454 000f3454 0000000000000009 0000000000000000 AX 0 0 4
[15] .rodata PROGBITS 00000000000f3460 000f3460 000000000002d820 0000000000000000 A 0 0 32
[16] .eh_frame_hdr PROGBITS 0000000000120c80 00120c80 0000000000001d0c 0000000000000000 A 0 0 4
[17] .eh_frame PROGBITS 0000000000122990 00122990 000000000000d0d8 0000000000000000 A 0 0 8
[18] .gcc_except_table PROGBITS 000000000012fa68 0012fa68 000000000000623c 0000000000000000 A 0 0 4
[19] .init_array INIT_ARRAY 00000000003369f0 001369f0 00000000000000e0 0000000000000008 WA 0 0 8
[20] .fini_array FINI_ARRAY 0000000000336ad0 00136ad0 0000000000000008 0000000000000008 WA 0 0 8
[21] .jcr PROGBITS 0000000000336ad8 00136ad8 0000000000000008 0000000000000000 WA 0 0 8
[22] .data.rel.ro PROGBITS 0000000000336ae0 00136ae0 0000000000000c78 0000000000000000 WA 0 0 32
[23] .dynamic DYNAMIC 0000000000337758 00137758 0000000000000250 0000000000000010 WA 5 0 8
[24] .got PROGBITS 00000000003379a8 001379a8 0000000000000648 0000000000000008 WA 0 0 8
[25] .data PROGBITS 0000000000338000 00138000 0000000000000cc8 0000000000000000 WA 0 0 32
[26] .bss NOBITS 0000000000338ce0 00138cc8 0000000000010250 0000000000000000 WA 0 0 32
[27] .shstrtab STRTAB 0000000000000000 00138cc8 00000000000000f6 0000000000000000 0 0 1
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings), I (info),
L (link order), O (extra OS processing required), G (group), T (TLS),
C (compressed), x (unknown), o (OS specific), E (exclude),
l (large), p (processor specific)
(In reply to Rage <OxR463> from comment #5)
> The latest version (1.2.10) contains the same issue.
> I may need some help on this.
>
> gentoo-devel ~ # zerotier-one -V
> ZeroTier One version 1.2.10
> Copyright (c) 2011-2018 ZeroTier, Inc.
> This is free software: you may copy, modify, and/or distribute this
> work under the terms of the GNU General Public License, version 3 or
> later as published by the Free Software Foundation.
> No warranty expressed or implied.

I am not familiar with ELF. Would you please follow up on the upstream issue with what you have found?
To: adam.ierymenko@zerotier.com
Date: Thu, Jul 5, 2018 at 12:22 PM
Subject: >=zerotier-1.2.8 QA: files contain writable and executable sections: usr/sbin/zerotier-one #762
Body:

Greetings,

I opened this issue, https://github.com/zerotier/ZeroTierOne/issues/762, on May 23rd, and it was closed as fixed in 1.2.10 on the 29th, but I am still experiencing it in the latest release. I left GitHub but I am still trying to resolve this issue. The details and any logs can be found here: https://bugs.gentoo.org/655180

Thanks again,
I'm afraid that at this point in time, this is beyond my abilities to resolve.
ramage.lucas@openmailbox.org should be changed in metadata.xml.
gentoo-devel /usr/portage # zerotier-one -V
ZeroTier One version 1.2.12
Copyright (c) 2011-2018 ZeroTier, Inc.
This is free software: you may copy, modify, and/or distribute this
work under the terms of the GNU General Public License, version 3 or
later as published by the Free Software Foundation.
No warranty expressed or implied.

Usage: zerotier-one [-switches] [home directory]

Available switches:
-h - Display this help
-v - Show version
-U - Skip privilege check and do not attempt to drop privileges
-p<port> - Port for UDP and TCP/HTTP (default: 9993, 0 for random)
-d - Fork and run as daemon (Unix-ish OSes)
-i - Generate and manage identities (zerotier-idtool)
-q - Query API (zerotier-cli)

gentoo-devel /usr/portage # scanelf -lpqe
RWX --- --- /usr/sbin/zerotier-one
gentoo-devel /usr/portage # readelf -S /usr/sbin/zerotier-one
There are 27 section headers, starting at offset 0x12bdc0:

Section Headers:
[Nr] Name Type Address Offset Size EntSize Flags Link Info Align
[ 0] NULL 0000000000000000 00000000 0000000000000000 0000000000000000 0 0 0
[ 1] .interp PROGBITS 0000000000000238 00000238 000000000000001c 0000000000000000 A 0 0 1
[ 2] .note.ABI-tag NOTE 0000000000000254 00000254 0000000000000020 0000000000000000 A 0 0 4
[ 3] .gnu.hash GNU_HASH 0000000000000278 00000278 00000000000000b8 0000000000000000 A 4 0 8
[ 4] .dynsym DYNSYM 0000000000000330 00000330 0000000000001530 0000000000000018 A 5 1 8
[ 5] .dynstr STRTAB 0000000000001860 00001860 000000000000167f 0000000000000000 A 0 0 1
[ 6] .gnu.version VERSYM 0000000000002ee0 00002ee0 00000000000001c4 0000000000000002 A 4 0 2
[ 7] .gnu.version_r VERNEED 00000000000030a8 000030a8 0000000000000180 0000000000000000 A 5 4 8
[ 8] .rela.dyn RELA 0000000000003228 00003228 0000000000001f68 0000000000000018 A 4 0 8
[ 9] .rela.plt RELA 0000000000005190 00005190 0000000000001170 0000000000000018 AI 4 23 8
[10] .init PROGBITS 0000000000006300 00006300 0000000000000017 0000000000000000 AX 0 0 4
[11] .plt PROGBITS 0000000000006320 00006320 0000000000000bb0 0000000000000010 AX 0 0 16
[12] .plt.got PROGBITS 0000000000006ed0 00006ed0 0000000000000018 0000000000000008 AX 0 0 8
[13] .text PROGBITS 0000000000006f00 00006f00 00000000000dff12 0000000000000000 AX 0 0 32
[14] .fini PROGBITS 00000000000e6e14 000e6e14 0000000000000009 0000000000000000 AX 0 0 4
[15] .rodata PROGBITS 00000000000e6e20 000e6e20 000000000002d880 0000000000000000 A 0 0 32
[16] .eh_frame_hdr PROGBITS 00000000001146a0 001146a0 0000000000001d6c 0000000000000000 A 0 0 4
[17] .eh_frame PROGBITS 0000000000116410 00116410 000000000000d368 0000000000000000 A 0 0 8
[18] .gcc_except_table PROGBITS 0000000000123778 00123778 00000000000060a0 0000000000000000 A 0 0 4
[19] .init_array INIT_ARRAY 0000000000329a38 00129a38 00000000000000e0 0000000000000008 WA 0 0 8
[20] .fini_array FINI_ARRAY 0000000000329b18 00129b18 0000000000000008 0000000000000008 WA 0 0 8
[21] .data.rel.ro PROGBITS 0000000000329b20 00129b20 0000000000000c48 0000000000000000 WA 0 0 32
[22] .dynamic DYNAMIC 000000000032a768 0012a768 0000000000000250 0000000000000010 WA 5 0 8
[23] .got PROGBITS 000000000032a9b8 0012a9b8 0000000000000648 0000000000000008 WA 0 0 8
[24] .data PROGBITS 000000000032b000 0012b000 0000000000000cc8 0000000000000000 WA 0 0 32
[25] .bss NOBITS 000000000032bce0 0012bcc8 0000000000010250 0000000000000000 WA 0 0 32
[26] .shstrtab STRTAB 0000000000000000 0012bcc8 00000000000000f1 0000000000000000 0 0 1
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings), I (info),
L (link order), O (extra OS processing required), G (group), T (TLS),
C (compressed), x (unknown), o (OS specific), E (exclude),
l (large), p (processor specific)
Is it fixed in recent version then?