Debian Bug report logs - #445895
libcallback.so.0.0.0 and libavcall.so.0.0.0 mistakenly listed as requiring an executable stack

version graph

Package: libffcall1; Maintainer for libffcall1 is Christoph Egger <christoph@debian.org>; Source for libffcall1 is src:ffcall.

Reported by: Eddy Petrișor <eddy.petrisor@gmail.com>

Date: Mon, 8 Oct 2007 23:30:04 UTC

Severity: normal

Found in version ffcall/1.10+2.41-3

Forwarded to https://savannah.gnu.org/bugs/?30273

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Hubert Chan <uhoreg@debian.org>:
Bug#445895; Package libffcall1. Full text and rfc822 format available.

Acknowledgement sent to Eddy Petrișor <eddy.petrisor@gmail.com>:
New Bug report received and forwarded. Copy sent to Hubert Chan <uhoreg@debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Eddy Petrișor <eddy.petrisor@gmail.com>
To: submit@bugs.debian.org
Subject: libcallback.so.0.0.0 and libavcall.so.0.0.0 mistakenly listed as requiring an executable stack
Date: Tue, 09 Oct 2007 02:29:07 +0300
[Message part 1 (text/plain, inline)]
Package: libffcall1
Version: 1.10+2.41-3
Severity: normal

These commands show both shared objects provided by libffcall1 to need an
executable stack.

bounty:/usr/lib# readelf -l /usr/lib/libcallback.so.0.0.0 | grep STACK
  GNU_STACK      0x0000000000000000 0x0000000000000000 0x0000000000000000
bounty:/usr/lib# readelf -l /usr/lib/libavcall.so.0.0.0 | grep STACK
  GNU_STACK      0x0000000000000000 0x0000000000000000 0x0000000000000000

I believe that this is a mistake and is an issue on SELinux systems since it
requires lowering security protections.

Please see http://people.redhat.com/drepper/nonselsec.pdf for more information.


I tried running execstack -c on the the files in question and it worked. This is
not the best solution since execstack does not exist on all platforms and
because the issue should really be fixed in the source.


--- System information. ---
Architecture: amd64
Kernel:       Linux 2.6.21-2-amd64

Debian Release: lenny/sid
  900 testing         www.emdebian.org
  900 testing         snapshot.debian.net
  900 testing         security.debian.org
  900 testing         ftp.ro.debian.org
   10 unstable        ftp.ro.debian.org

--- Package information. ---
Depends         (Version) | Installed
=========================-+-=============
libc6        (>= 2.3.5-1) | 2.6.1-1


[signature.asc (application/pgp-signature, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Hubert Chan <uhoreg@debian.org>:
Bug#445895; Package libffcall1. Full text and rfc822 format available.

Acknowledgement sent to russell@coker.com.au:
Extra info received and forwarded to list. Copy sent to Hubert Chan <uhoreg@debian.org>. Full text and rfc822 format available.

Message #10 received at 445895@bugs.debian.org (full text, mbox):

From: Russell Coker <russell@coker.com.au>
To: 445895@bugs.debian.org
Subject: patch to fix this on i386
Date: Wed, 10 Oct 2007 12:10:16 +1000
The following patch marks the shared objects as not requiring an executable 
stack on i386.  I intentionally didn't attempt to patch it for other 
architectures as I can't test them.

diff -ru orig.ffcall-1.10/ffcall/avcall/avcall-i386-macro.S 
ffcall-1.10+2.41/ffcall/avcall/avcall-i386-macro.S
--- orig.ffcall-1.10/ffcall/avcall/avcall-i386-macro.S	2006-10-13 
23:55:29.000000000 +1000
+++ ffcall-1.10+2.41/ffcall/avcall/avcall-i386-macro.S	2007-10-10 
12:00:09.000000000 +1000
@@ -1,4 +1,7 @@
 #include "asmi386.h"
+
+.section .note.GNU-stack,"",@progbits
+
 TEXT()
 	ALIGN(2)
 GLOBL(C(__builtin_avcall))
diff -ru orig.ffcall-1.10/ffcall/callback/trampoline_r/proto-i386.s 
ffcall-1.10+2.41/ffcall/callback/trampoline_r/proto-i386.s
--- orig.ffcall-1.10/ffcall/callback/trampoline_r/proto-i386.s	2006-10-13 
23:55:31.000000000 +1000
+++ ffcall-1.10+2.41/ffcall/callback/trampoline_r/proto-i386.s	2007-10-10 
12:01:20.000000000 +1000
@@ -1,3 +1,5 @@
+.section .note.GNU-stack,"",@progbits
+
 	.file	"proto.c"
 gcc2_compiled.:
 ___gnu_compiled_c:
diff -ru orig.ffcall-1.10/ffcall/callback/trampoline_r/tramp-i386.s 
ffcall-1.10+2.41/ffcall/callback/trampoline_r/tramp-i386.s
--- orig.ffcall-1.10/ffcall/callback/trampoline_r/tramp-i386.s	2006-10-13 
23:55:31.000000000 +1000
+++ ffcall-1.10+2.41/ffcall/callback/trampoline_r/tramp-i386.s	2007-10-10 
12:01:04.000000000 +1000
@@ -1,5 +1,7 @@
 /* Trampoline for i386 CPU */
 
+.section .note.GNU-stack,"",@progbits
+
 /*
  * Copyright 1995-1999 Bruno Haible, <bruno@clisp.org>
  *
diff -ru orig.ffcall-1.10/ffcall/callback/vacall_r/vacall-i386-macro.S 
ffcall-1.10+2.41/ffcall/callback/vacall_r/vacall-i386-macro.S
--- orig.ffcall-1.10/ffcall/callback/vacall_r/vacall-i386-macro.S	2006-10-13 
23:55:31.000000000 +1000
+++ ffcall-1.10+2.41/ffcall/callback/vacall_r/vacall-i386-macro.S	2007-10-10 
12:00:16.000000000 +1000
@@ -1,4 +1,7 @@
 #include "asmi386.h"
+
+.section .note.GNU-stack,"",@progbits
+
 TEXT()
 	ALIGN(2)
 GLOBL(C(__vacall_r))
diff -ru orig.ffcall-1.10/ffcall/trampoline/proto-i386.s 
ffcall-1.10+2.41/ffcall/trampoline/proto-i386.s
--- orig.ffcall-1.10/ffcall/trampoline/proto-i386.s	2006-10-13 
23:55:32.000000000 +1000
+++ ffcall-1.10+2.41/ffcall/trampoline/proto-i386.s	2007-10-10 
12:01:38.000000000 +1000
@@ -1,3 +1,5 @@
+.section .note.GNU-stack,"",@progbits
+
 	.file	"proto.c"
 gcc2_compiled.:
 ___gnu_compiled_c:
diff -ru orig.ffcall-1.10/ffcall/trampoline/tramp-i386.s 
ffcall-1.10+2.41/ffcall/trampoline/tramp-i386.s
--- orig.ffcall-1.10/ffcall/trampoline/tramp-i386.s	2006-10-13 
23:55:32.000000000 +1000
+++ ffcall-1.10+2.41/ffcall/trampoline/tramp-i386.s	2007-10-10 
12:01:28.000000000 +1000
@@ -1,5 +1,7 @@
 /* Trampoline for i386 CPU */
 
+.section .note.GNU-stack,"",@progbits
+
 /*
  * Copyright 1995 Bruno Haible, <bruno@clisp.org>
  *
diff -ru orig.ffcall-1.10/ffcall/vacall/vacall-i386-macro.S 
ffcall-1.10+2.41/ffcall/vacall/vacall-i386-macro.S
--- orig.ffcall-1.10/ffcall/vacall/vacall-i386-macro.S	2006-10-13 
23:55:32.000000000 +1000
+++ ffcall-1.10+2.41/ffcall/vacall/vacall-i386-macro.S	2007-10-10 
12:00:13.000000000 +1000
@@ -1,4 +1,7 @@
 #include "asmi386.h"
+
+.section .note.GNU-stack,"",@progbits
+
 TEXT()
 	ALIGN(2)
 GLOBL(C(__vacall))





Set Bug forwarded-to-address to 'https://savannah.gnu.org/bugs/?30273'. Request was from Christoph Egger <christoph@debian.org> to control@bugs.debian.org. (Sun, 27 Jun 2010 18:57:06 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Christoph Egger <christoph@debian.org>:
Bug#445895; Package libffcall1. (Sun, 27 Jun 2010 20:54:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Sam Steingold <sds@gnu.org>:
Extra info received and forwarded to list. Copy sent to Christoph Egger <christoph@debian.org>. (Sun, 27 Jun 2010 20:54:03 GMT) Full text and rfc822 format available.

Message #17 received at 445895@bugs.debian.org (full text, mbox):

From: Sam Steingold <sds@gnu.org>
To: 445895@bugs.debian.org
Subject: libffcall & executable stack
Date: Sun, 27 Jun 2010 16:50:59 -0400
please also see https://savannah.gnu.org/bugs/index.php?30273

how well does your patch work with clisp and other libffcall users?
did you build clisp with the non-stack-executable libffcall?
does "make check" in clisp work?
thanks.

-- 
Sam Steingold <http://sds.podval.org>




Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 16 11:48:25 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.