* QA Notice: The following files contain writable and executable sections
* Files with such sections will not work properly (or at all!) on some
* architectures/operating systems. A bug should be filed at
* http://bugs.gentoo.org/ to make sure the issue is fixed.
* For more information, see http://hardened.gentoo.org/gnu-stack.xml
* Please include the following list of files in your report:
* Note: Bugs should be filed for the respective maintainers
* of the package in question and not hardened@g.o.
* RWX --- --- usr/bin/mpeg2desc

mpeg2desc, at minimum, needs to be set +E so it will run on hardened kernels.

Reproducible: Always

Actual Results:
Mar 9 05:31:34 carrie kernel: [2007787.135097] grsec: denied marking stack executable as requested by PT_GNU_STACK marking in /usr/bin/mpeg2desc by /lib64/ld-2.18.so[ld-linux-x86-64:15069] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/ldd[ldd:15066] uid/euid:0/0 gid/egid:0/0

Expected Results:
mpeg2desc runs

Portage 2.2.7 (hardened/linux/amd64, gcc-4.8.2, glibc-2.18-r1, 3.13.2-hardened-r3.rivendell x86_64)
=================================================================
System uname: Linux-3.13.2-hardened-r3.rivendell-x86_64-Intel-R-_Xeon-R-_CPU_X5482_@_3.20GHz-with-gentoo-2.2
KiB Mem: 8216204 total, 500164 free
KiB Swap: 6147416 total, 3608632 free
Timestamp of tree: Fri, 14 Mar 2014 02:15:01 +0000
ld GNU ld (GNU Binutils) 2.23.2
ccache version 3.1.9 [disabled]
app-shells/bash: 4.2_p45
dev-java/java-config: 2.2.0::java
dev-lang/python: 2.7.5-r2, 3.3.4
dev-util/ccache: 3.1.9-r3
dev-util/cmake: 2.8.12.2
dev-util/pkgconfig: 0.28
sys-apps/baselayout: 2.2
sys-apps/openrc: 0.11.8
sys-apps/sandbox: 2.6-r1
sys-devel/autoconf: 2.13, 2.69
sys-devel/automake: 1.9.6-r3, 1.10.3, 1.11.6, 1.12.6, 1.14
sys-devel/binutils: 2.23.2
sys-devel/gcc: 4.8.2
sys-devel/gcc-config: 1.8
sys-devel/libtool: 2.4.2
sys-devel/make: 3.82-r4
sys-kernel/linux-headers: 3.9 (virtual/os-headers)
sys-libs/glibc: 2.18-r1
Created attachment 372682
Patch to ebuild
Does it really need pax mark E, or can it be fixed like in the gnu-stack doc?
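
The PT_GNU_STACK marking named in the grsec log line can be read straight from a binary's ELF program headers, which is a way to confirm whether a rebuilt mpeg2desc still requests an executable stack. The following is an added example, not part of the bug thread or of any Gentoo tool; the function names and the sample ELF bytes are constructed for illustration.

```python
import struct

PT_GNU_STACK = 0x6474E551  # program header type that carries the stack permissions
PF_X, PF_W, PF_R = 0x1, 0x2, 0x4

def gnu_stack_flags(data):
    """Return p_flags of the PT_GNU_STACK header, or None if there is none."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    end = "<" if data[5] == 1 else ">"  # EI_DATA: 1 = little endian, 2 = big
    if data[4] == 2:  # EI_CLASS 2 = ELF64
        (phoff,) = struct.unpack_from(end + "Q", data, 32)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 54)
        flags_off = 4  # ELF64: p_flags directly follows p_type
    else:  # ELF32
        (phoff,) = struct.unpack_from(end + "I", data, 28)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 42)
        flags_off = 24  # ELF32: p_flags is the seventh 32-bit field
    for i in range(phnum):
        base = phoff + i * phentsize
        (p_type,) = struct.unpack_from(end + "I", data, base)
        if p_type == PT_GNU_STACK:
            return struct.unpack_from(end + "I", data, base + flags_off)[0]
    return None

def stack_marking(data):
    """Format the stack permissions as R/W/X letters."""
    flags = gnu_stack_flags(data)
    if flags is None:
        return "unmarked"
    return "".join(c if flags & bit else "-"
                   for c, bit in (("R", PF_R), ("W", PF_W), ("X", PF_X)))

def constructed_elf64(stack_flags):
    """Constructed sample: ELF64 header plus one PT_GNU_STACK program header."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH",
                               2, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 16)
    return ehdr + phdr

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:  # e.g. a locally installed binary to audit
        with open(path, "rb") as f:
            print(stack_marking(f.read()), path)
    print(stack_marking(constructed_elf64(PF_R | PF_W | PF_X)), "(constructed)")
    print(stack_marking(constructed_elf64(PF_R | PF_W)), "(constructed)")
```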