On Sun, Aug 07, 2005 at 03:51:43AM -0700, Steve Langasek wrote:
> Both the sarge and the sid versions of libssl0.9.7 were definitely *not*
> built with gcc-2.95, but they both have a PT_GNU_STACK header in
> /usr/lib/i686/cmov/libcrypto.so.0.9.7 which explicitly requests an
> executable stack. This is not the same bug as the others, which were
> getting an executable stack by default. Since there may be legitimate
> reasons for requesting an executable stack, I'm downgrading this bug to
> minor in addition to reassigning it -- anyone playing with grsec/PaX should
> be prepared for the possibility of having to deal with setting such policies
> on binaries where needed.

The executable stack is requested by the lack of a .note.GNU-stack
section in the assembler files. Someone needs to decide if this is needed
or if we can just fix this with the attached patch.

Bastian

--
You're dead, Jim.
		-- McCoy, "Amok Time", stardate 3372.7

diff -urN openssl-0.9.7g/crypto/perlasm/x86asm.pl openssl-0.9.7g.execstack/crypto/perlasm/x86asm.pl --- openssl-0.9.7g/crypto/perlasm/x86asm.pl 2004-12-01 16:45:34.000000000 +0100 +++ openssl-0.9.7g.execstack/crypto/perlasm/x86asm.pl 2005-08-07 13:58:04.000000000 +0200 @@ -11,6 +11,7 @@ &file_end(); &asm_finish_cpp() if $cpp; print &asm_get_output(); + print ".section .note.GNU-stack,\"\",[EMAIL PROTECTED]" if ($type eq "elf");; } sub main'asm_init
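
Review bot: in the added `print` line of the x86asm.pl hunk, the section type after `\"\",` survives in this copy only as the archive's `[EMAIL PROTECTED]` placeholder, so the directive that actually reaches the assembler cannot be verified from here; check it against the original attachment, and because the string is double-quoted Perl, make sure any `@` in it is escaped and that the directive ends in a newline. The statement also ends in a doubled semicolon (`;;`), which should be a single one. Finally, the marker is printed for every ELF output of this generator, so applying the patch amounts to deciding that none of the generated assembler files needs an executable stack, which is the question the message above leaves open; that should be confirmed before this goes in.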