Summary: | executable stacks for net-im/silc-plugin-1.0.1-r5 | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Andrej Kacian (RETIRED) <ticho> |
Component: | New packages | Assignee: | Andrej Kacian (RETIRED) <ticho> |
Status: | RESOLVED CANTFIX | ||
Severity: | normal | CC: | hardened |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Other | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Attachments: | scanelf-execstack.log |
Description
Andrej Kacian (RETIRED)
2006-03-03 04:06:29 UTC
Here you go. http://hardened.gentoo.org/gnu-stack.xml Great reading, thanks. However, I can't find any .S files in sources to add mentioned snippets for GNU_STACK. well i'd like to help but you didnt attach this log like the message told you to: /var/tmp/portage/portage/silc-plugin-1.0.1-r5/temp/scanelf-exec.log Created attachment 84206 [details]
scanelf-execstack.log
Actually, this package seems to suffer from both textrels and executable stacks. I'm attaching both scanelf-*.log files.
OK, the second file was too large for bugzilla. Here is a link: http://dev.gentoo.org/~ticho/misc/scanelf-textrel.log i think that the plugin is just built incorrectly rather than the source code having problems ... in other words, it includes objects that were not properly built with -fPIC in general, if you have something that has a ton of TEXTRELs (looking pretty much like 1 for every single function), then it's a good indicator that it was built incorrectly a very good indicator of this is if external functions are called in C code yet yield textrels ... like: libsilc_core.so: getpgid@@GLIBC_2.0 [0xD4C39] in silc_client_connect_to_server_final [0xD4BE0] reading the source there is clearly no inline asm which calls this ... the reference comes from pure C silc-plugin-1.1.2 doesn't have this issue anymore when compiled with --with-pic |