Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 655180 - >=net-misc/zerotier-1.2.8 QA: files contain writable and executable sections: usr/sbin/zerotier-one
Summary: >=net-misc/zerotier-1.2.8 QA: files contain writable and executable sections:...
Status: CONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: AMD64 Linux
: Normal normal (vote)
Assignee: No maintainer - Look at https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers if you want to take care of it
URL:
Whiteboard:
Keywords:
Depends on: 658042
Blocks:
  Show dependency tree
 
Reported: 2018-05-07 16:06 UTC by Rage <oxr463>
Modified: 2020-02-26 18:44 UTC (History)
4 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Rage <oxr463> 2018-05-07 16:06:13 UTC
I am working on bumping this package to the latest release and while the package installed without any problems, I did notice this in the emerge log. 

 * QA Notice: The following files contain writable and executable sections
 *  Files with such sections will not work properly (or at all!) on some
 *  architectures/operating systems.  A bug should be filed at
 *  https://bugs.gentoo.org/ to make sure the issue is fixed.
 *  For more information, see:
 *
 *    https://wiki.gentoo.org/wiki/Hardened/GNU_stack_quickstart
 *
 *  Please include the following list of files in your report:
 *  Note: Bugs should be filed for the respective maintainers
 *  of the package in question and not hardened@g.o.
 * RWX --- --- usr/sbin/zerotier-one
Comment 1 Rage <oxr463> 2018-05-07 16:08:44 UTC
overlay-devel ~ # file $(which zerotier-one)
/usr/sbin/zerotier-one: ELF 64-bit LSB shared object, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, stripped
Comment 2 Jonas Stein gentoo-dev 2018-05-08 08:18:53 UTC
Please prepare a PR with your fix and contact the Proxy team on IRC, if you got stuck.

https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers
Comment 3 Rage <oxr463> 2018-05-23 14:20:50 UTC
gentoo-devel ~ # scanelf -lpqe
RWX --- ---  /usr/sbin/zerotier-one

gentoo-devel ~ # readelf -S /usr/sbin/zerotier-one
There are 28 section headers, starting at offset 0x138dc0:

Section Headers:
  [Nr] Name              Type             Address           Offset
       Size              EntSize          Flags  Link  Info  Align
  [ 0]                   NULL             0000000000000000  00000000
       0000000000000000  0000000000000000           0     0     0
  [ 1] .interp           PROGBITS         0000000000000238  00000238
       000000000000001c  0000000000000000   A       0     0     1
  [ 2] .note.ABI-tag     NOTE             0000000000000254  00000254
       0000000000000020  0000000000000000   A       0     0     4
  [ 3] .gnu.hash         GNU_HASH         0000000000000278  00000278
       00000000000000b8  0000000000000000   A       4     0     8
  [ 4] .dynsym           DYNSYM           0000000000000330  00000330
       0000000000001530  0000000000000018   A       5     1     8
  [ 5] .dynstr           STRTAB           0000000000001860  00001860
       0000000000001665  0000000000000000   A       0     0     1
  [ 6] .gnu.version      VERSYM           0000000000002ec6  00002ec6
       00000000000001c4  0000000000000002   A       4     0     2
  [ 7] .gnu.version_r    VERNEED          0000000000003090  00003090
       0000000000000180  0000000000000000   A       5     4     8
  [ 8] .rela.dyn         RELA             0000000000003210  00003210
       0000000000001ff8  0000000000000018   A       4     0     8
  [ 9] .rela.plt         RELA             0000000000005208  00005208
       0000000000001158  0000000000000018  AI       4    24     8
  [10] .init             PROGBITS         0000000000006360  00006360
       0000000000000017  0000000000000000  AX       0     0     4
  [11] .plt              PROGBITS         0000000000006380  00006380
       0000000000000ba0  0000000000000010  AX       0     0     16
  [12] .plt.got          PROGBITS         0000000000006f20  00006f20
       0000000000000018  0000000000000008  AX       0     0     8
  [13] .text             PROGBITS         0000000000006f40  00006f40
       00000000000ec512  0000000000000000  AX       0     0     32
  [14] .fini             PROGBITS         00000000000f3454  000f3454
       0000000000000009  0000000000000000  AX       0     0     4
  [15] .rodata           PROGBITS         00000000000f3460  000f3460
       000000000002d820  0000000000000000   A       0     0     32
  [16] .eh_frame_hdr     PROGBITS         0000000000120c80  00120c80
       0000000000001d0c  0000000000000000   A       0     0     4
  [17] .eh_frame         PROGBITS         0000000000122990  00122990
       000000000000d0d8  0000000000000000   A       0     0     8
  [18] .gcc_except_table PROGBITS         000000000012fa68  0012fa68
       000000000000623c  0000000000000000   A       0     0     4
  [19] .init_array       INIT_ARRAY       00000000003369f0  001369f0
       00000000000000e0  0000000000000008  WA       0     0     8
  [20] .fini_array       FINI_ARRAY       0000000000336ad0  00136ad0
       0000000000000008  0000000000000008  WA       0     0     8
  [21] .jcr              PROGBITS         0000000000336ad8  00136ad8
       0000000000000008  0000000000000000  WA       0     0     8
  [22] .data.rel.ro      PROGBITS         0000000000336ae0  00136ae0
       0000000000000c78  0000000000000000  WA       0     0     32
  [23] .dynamic          DYNAMIC          0000000000337758  00137758
       0000000000000250  0000000000000010  WA       5     0     8
  [24] .got              PROGBITS         00000000003379a8  001379a8
       0000000000000648  0000000000000008  WA       0     0     8
  [25] .data             PROGBITS         0000000000338000  00138000
       0000000000000cc8  0000000000000000  WA       0     0     32
  [26] .bss              NOBITS           0000000000338ce0  00138cc8
       0000000000010250  0000000000000000  WA       0     0     32
  [27] .shstrtab         STRTAB           0000000000000000  00138cc8
       00000000000000f6  0000000000000000           0     0     1
Key to Flags:
  W (write), A (alloc), X (execute), M (merge), S (strings), I (info),
  L (link order), O (extra OS processing required), G (group), T (TLS),
  C (compressed), x (unknown), o (OS specific), E (exclude),
  l (large), p (processor specific)

Also, -Wl,-z,noexecstack is already appended to the ld-flags.
Comment 4 Rage <oxr463> 2018-05-31 13:18:49 UTC
Upstream is aware of this problem and has supposedly resolved it in v1.2.10

> This is fixed in 1.2.10, just tagged. We might not do binaries for this one though since there are two more bugs set to die shortly.

https://github.com/zerotier/ZeroTierOne/issues/762
Comment 5 Rage <oxr463> 2018-06-15 15:55:15 UTC
The latest version (1.2.10) contains the same issue.
I may need some help on this.

gentoo-devel ~ # zerotier-one -V
ZeroTier One version 1.2.10
Copyright (c) 2011-2018 ZeroTier, Inc.
This is free software: you may copy, modify, and/or distribute this
work under the terms of the GNU General Public License, version 3 or
later as published by the Free Software Foundation.
No warranty expressed or implied.

Usage: zerotier-one [-switches] [home directory]

Available switches:
  -h                - Display this help
  -v                - Show version
  -U                - Skip privilege check and do not attempt to drop privileges
  -p<port>          - Port for UDP and TCP/HTTP (default: 9993, 0 for random)
  -d                - Fork and run as daemon (Unix-ish OSes)
  -i                - Generate and manage identities (zerotier-idtool)
  -q                - Query API (zerotier-cli)

gentoo-devel ~ # scanelf -lpqe
RWX --- ---  /usr/sbin/zerotier-one

gentoo-devel ~ # readelf -S /usr/sbin/zerotier-one
There are 28 section headers, starting at offset 0x138dc0:

Section Headers:
  [Nr] Name              Type             Address           Offset
       Size              EntSize          Flags  Link  Info  Align
  [ 0]                   NULL             0000000000000000  00000000
       0000000000000000  0000000000000000           0     0     0
  [ 1] .interp           PROGBITS         0000000000000238  00000238
       000000000000001c  0000000000000000   A       0     0     1
  [ 2] .note.ABI-tag     NOTE             0000000000000254  00000254
       0000000000000020  0000000000000000   A       0     0     4
  [ 3] .gnu.hash         GNU_HASH         0000000000000278  00000278
       00000000000000b8  0000000000000000   A       4     0     8
  [ 4] .dynsym           DYNSYM           0000000000000330  00000330
       0000000000001530  0000000000000018   A       5     1     8
  [ 5] .dynstr           STRTAB           0000000000001860  00001860
       0000000000001665  0000000000000000   A       0     0     1
  [ 6] .gnu.version      VERSYM           0000000000002ec6  00002ec6
       00000000000001c4  0000000000000002   A       4     0     2
  [ 7] .gnu.version_r    VERNEED          0000000000003090  00003090
       0000000000000180  0000000000000000   A       5     4     8
  [ 8] .rela.dyn         RELA             0000000000003210  00003210
       0000000000001ff8  0000000000000018   A       4     0     8
  [ 9] .rela.plt         RELA             0000000000005208  00005208
       0000000000001158  0000000000000018  AI       4    24     8
  [10] .init             PROGBITS         0000000000006360  00006360
       0000000000000017  0000000000000000  AX       0     0     4
  [11] .plt              PROGBITS         0000000000006380  00006380
       0000000000000ba0  0000000000000010  AX       0     0     16
  [12] .plt.got          PROGBITS         0000000000006f20  00006f20
       0000000000000018  0000000000000008  AX       0     0     8
  [13] .text             PROGBITS         0000000000006f40  00006f40
       00000000000ec512  0000000000000000  AX       0     0     32
  [14] .fini             PROGBITS         00000000000f3454  000f3454
       0000000000000009  0000000000000000  AX       0     0     4
  [15] .rodata           PROGBITS         00000000000f3460  000f3460
       000000000002d820  0000000000000000   A       0     0     32
  [16] .eh_frame_hdr     PROGBITS         0000000000120c80  00120c80
       0000000000001d0c  0000000000000000   A       0     0     4
  [17] .eh_frame         PROGBITS         0000000000122990  00122990
       000000000000d0d8  0000000000000000   A       0     0     8
  [18] .gcc_except_table PROGBITS         000000000012fa68  0012fa68
       000000000000623c  0000000000000000   A       0     0     4
  [19] .init_array       INIT_ARRAY       00000000003369f0  001369f0
       00000000000000e0  0000000000000008  WA       0     0     8
  [20] .fini_array       FINI_ARRAY       0000000000336ad0  00136ad0
       0000000000000008  0000000000000008  WA       0     0     8
  [21] .jcr              PROGBITS         0000000000336ad8  00136ad8
       0000000000000008  0000000000000000  WA       0     0     8
  [22] .data.rel.ro      PROGBITS         0000000000336ae0  00136ae0
       0000000000000c78  0000000000000000  WA       0     0     32
  [23] .dynamic          DYNAMIC          0000000000337758  00137758
       0000000000000250  0000000000000010  WA       5     0     8
  [24] .got              PROGBITS         00000000003379a8  001379a8
       0000000000000648  0000000000000008  WA       0     0     8
  [25] .data             PROGBITS         0000000000338000  00138000
       0000000000000cc8  0000000000000000  WA       0     0     32
  [26] .bss              NOBITS           0000000000338ce0  00138cc8
       0000000000010250  0000000000000000  WA       0     0     32
  [27] .shstrtab         STRTAB           0000000000000000  00138cc8
       00000000000000f6  0000000000000000           0     0     1
Key to Flags:
  W (write), A (alloc), X (execute), M (merge), S (strings), I (info),
  L (link order), O (extra OS processing required), G (group), T (TLS),
  C (compressed), x (unknown), o (OS specific), E (exclude),
  l (large), p (processor specific)
Comment 6 Benda Xu gentoo-dev 2018-07-03 01:09:54 UTC
(In reply to Rage <OxR463> from comment #5)
> The latest version (1.2.10) contains the same issue.
> I may need some help on this.
> 
> gentoo-devel ~ # zerotier-one -V
> ZeroTier One version 1.2.10
> Copyright (c) 2011-2018 ZeroTier, Inc.
> This is free software: you may copy, modify, and/or distribute this
> work under the terms of the GNU General Public License, version 3 or
> later as published by the Free Software Foundation.
> No warranty expressed or implied.

I am not familiar with ELF.  Would you please follow up the upstream issue with what you have found?
Comment 7 Rage <oxr463> 2018-07-18 14:03:06 UTC
To: adam.ierymenko@zerotier.com

Date: Thu, Jul 5, 2018 at 12:22 PM

Subject: >=zerotier-1.2.8 QA: files contain writable and executable sections: usr/sbin/zerotier-one #762

Body:

Greetings,

I opened this issue,

https://github.com/zerotier/ZeroTierOne/issues/762

on May 23rd, and it was closed as fixed in the 1.2.10 on the 29th, but I am still experiencing it in the latest release.

I left Github but I am still trying to resolve this issue. 

The details and any logs can be found on here,

https://bugs.gentoo.org/655180

Thanks again,
Comment 8 Rage <oxr463> 2018-09-24 15:39:45 UTC
I'm afraid that at this point in time, this is beyond my abilities to resolve.
Comment 9 Jeroen Roovers gentoo-dev 2018-09-25 11:48:02 UTC
ramage.lucas@openmailbox.org should be changed in metadata.xml.
Comment 10 Rage <oxr463> 2018-10-25 01:09:38 UTC
gentoo-devel /usr/portage # zerotier-one -V
ZeroTier One version 1.2.12
Copyright (c) 2011-2018 ZeroTier, Inc.
This is free software: you may copy, modify, and/or distribute this
work under the terms of the GNU General Public License, version 3 or
later as published by the Free Software Foundation.
No warranty expressed or implied.

Usage: zerotier-one [-switches] [home directory]

Available switches:
  -h                - Display this help
  -v                - Show version
  -U                - Skip privilege check and do not attempt to drop privileges
  -p<port>          - Port for UDP and TCP/HTTP (default: 9993, 0 for random)
  -d                - Fork and run as daemon (Unix-ish OSes)
  -i                - Generate and manage identities (zerotier-idtool)
  -q                - Query API (zerotier-cli)

gentoo-devel /usr/portage # scanelf -lpqe
RWX --- ---  /usr/sbin/zerotier-one

gentoo-devel /usr/portage # readelf -S /usr/sbin/zerotier-one
There are 27 section headers, starting at offset 0x12bdc0:

Section Headers:
  [Nr] Name              Type             Address           Offset
       Size              EntSize          Flags  Link  Info  Align
  [ 0]                   NULL             0000000000000000  00000000
       0000000000000000  0000000000000000           0     0     0
  [ 1] .interp           PROGBITS         0000000000000238  00000238
       000000000000001c  0000000000000000   A       0     0     1
  [ 2] .note.ABI-tag     NOTE             0000000000000254  00000254
       0000000000000020  0000000000000000   A       0     0     4
  [ 3] .gnu.hash         GNU_HASH         0000000000000278  00000278
       00000000000000b8  0000000000000000   A       4     0     8
  [ 4] .dynsym           DYNSYM           0000000000000330  00000330
       0000000000001530  0000000000000018   A       5     1     8
  [ 5] .dynstr           STRTAB           0000000000001860  00001860
       000000000000167f  0000000000000000   A       0     0     1
  [ 6] .gnu.version      VERSYM           0000000000002ee0  00002ee0
       00000000000001c4  0000000000000002   A       4     0     2
  [ 7] .gnu.version_r    VERNEED          00000000000030a8  000030a8
       0000000000000180  0000000000000000   A       5     4     8
  [ 8] .rela.dyn         RELA             0000000000003228  00003228
       0000000000001f68  0000000000000018   A       4     0     8
  [ 9] .rela.plt         RELA             0000000000005190  00005190
       0000000000001170  0000000000000018  AI       4    23     8
  [10] .init             PROGBITS         0000000000006300  00006300
       0000000000000017  0000000000000000  AX       0     0     4
  [11] .plt              PROGBITS         0000000000006320  00006320
       0000000000000bb0  0000000000000010  AX       0     0     16
  [12] .plt.got          PROGBITS         0000000000006ed0  00006ed0
       0000000000000018  0000000000000008  AX       0     0     8
  [13] .text             PROGBITS         0000000000006f00  00006f00
       00000000000dff12  0000000000000000  AX       0     0     32
  [14] .fini             PROGBITS         00000000000e6e14  000e6e14
       0000000000000009  0000000000000000  AX       0     0     4
  [15] .rodata           PROGBITS         00000000000e6e20  000e6e20
       000000000002d880  0000000000000000   A       0     0     32
  [16] .eh_frame_hdr     PROGBITS         00000000001146a0  001146a0
       0000000000001d6c  0000000000000000   A       0     0     4
  [17] .eh_frame         PROGBITS         0000000000116410  00116410
       000000000000d368  0000000000000000   A       0     0     8
  [18] .gcc_except_table PROGBITS         0000000000123778  00123778
       00000000000060a0  0000000000000000   A       0     0     4
  [19] .init_array       INIT_ARRAY       0000000000329a38  00129a38
       00000000000000e0  0000000000000008  WA       0     0     8
  [20] .fini_array       FINI_ARRAY       0000000000329b18  00129b18
       0000000000000008  0000000000000008  WA       0     0     8
  [21] .data.rel.ro      PROGBITS         0000000000329b20  00129b20
       0000000000000c48  0000000000000000  WA       0     0     32
  [22] .dynamic          DYNAMIC          000000000032a768  0012a768
       0000000000000250  0000000000000010  WA       5     0     8
  [23] .got              PROGBITS         000000000032a9b8  0012a9b8
       0000000000000648  0000000000000008  WA       0     0     8
  [24] .data             PROGBITS         000000000032b000  0012b000
       0000000000000cc8  0000000000000000  WA       0     0     32
  [25] .bss              NOBITS           000000000032bce0  0012bcc8
       0000000000010250  0000000000000000  WA       0     0     32
  [26] .shstrtab         STRTAB           0000000000000000  0012bcc8
       00000000000000f1  0000000000000000           0     0     1
Key to Flags:
  W (write), A (alloc), X (execute), M (merge), S (strings), I (info),
  L (link order), O (extra OS processing required), G (group), T (TLS),
  C (compressed), x (unknown), o (OS specific), E (exclude),
  l (large), p (processor specific)
Comment 11 Andreas Sturmlechner gentoo-dev 2020-02-26 18:44:39 UTC
Is it fixed in recent version then?