Shared library permissions in Debian-land and Red Hat-land

Nathaniel McCallum nathaniel at natemccallum.com
Mon Mar 28 20:11:43 UTC 2011


On Mon, 2011-03-28 at 16:05 -0400, Przemek Klosowski wrote:
> On 03/24/2011 02:49 PM, Kevin Kofler wrote:
> > On Thursday 24 March 2011, you wrote:
> >> Hmm, I thought there'd be a catch. What's executable permission needed
> >> for? Isn't that just reading/parsing? I can do some work but I am
> >> totally unfamiliar with this area.
> >
> > Files which aren't executable aren't even considered as candidates for being
> > ELF files to extract debuginfo from.
> >
> > Without execute permission, you'd have to check EVERY SINGLE installed FILE
> > for being ELF, that might be a significant performance hit. It'd have to be
> > tried at least.
> 
> OK, so executable permission is used as a tag for identifying ELF files.
> It's a little inelegant because there are some negative side effects
> from executing those non-executable files.
> 
> If, hypothetically, we wanted to change that, is there any other way to
> reliably mark ELF files? I could think of those:
> 
> - extended filesystem attributes? works but might be FS-dependent
> - make the files owned by a special ELF group
> - a system-level directory of ELF files maintained by e.g. RPM

Well, technically you could still use +x for other non-shared library
ELF files, you'd just also need to look for .so files.  That seems to me
the simplest solution and should still be fast since the filename is in
the directory inode (which you have to read anyway).
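
The selection rule proposed in this reply (keep +x as the marker for other ELF files and additionally match .so filenames), sketched in Python as an added example that is not part of the original message or of any distribution's tooling. The filename pattern, the function names and the constructed sample tree are assumptions; only files that pass the cheap metadata check are opened and confirmed by their ELF header.

```python
import os
import re
import stat
import struct
import tempfile

ELF_MAGIC = b"\x7fELF"
ET_NAMES = {1: "ET_REL", 2: "ET_EXEC", 3: "ET_DYN", 4: "ET_CORE"}
SO_NAME = re.compile(r"\.so(\.\d+)*$")  # libfoo.so, libfoo.so.1.2.3

def elf_type(path):
    """Return the ELF e_type name, or None if the file is not ELF."""
    with open(path, "rb") as f:
        hdr = f.read(18)
    if len(hdr) < 18 or hdr[:4] != ELF_MAGIC:
        return None
    fmt = "<H" if hdr[5] == 1 else ">H"  # e_ident[EI_DATA]: 1 = LSB, 2 = MSB
    (e_type,) = struct.unpack(fmt, hdr[16:18])
    return ET_NAMES.get(e_type, "unknown")

def find_elf_candidates(root):
    """Yield (path, reason, elf_type) for files selected by +x or .so name."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks such as libfoo.so -> libfoo.so.1
            if st.st_mode & 0o111:
                reason = "+x"
            elif SO_NAME.search(name):
                reason = "name"
            else:
                continue  # never opened: this is the performance saving
            yield path, reason, elf_type(path)

def demo():
    """Constructed tree; data.bin is ELF but has neither marker, so it is missed."""
    def fake_elf(e_type):
        return ELF_MAGIC + bytes([2, 1, 1]) + bytes(9) + struct.pack("<H", e_type)
    with tempfile.TemporaryDirectory() as root:
        samples = {"prog": (fake_elf(2), 0o755), "libfoo.so.1": (fake_elf(3), 0o644),
                   "run.sh": (b"#!/bin/sh\n", 0o755), "data.bin": (fake_elf(3), 0o644)}
        for name, (body, mode) in samples.items():
            p = os.path.join(root, name)
            with open(p, "wb") as f:
                f.write(body)
            os.chmod(p, mode)
        return {os.path.basename(p): (r, t) for p, r, t in find_elf_candidates(root)}
```

The `run.sh` entry shows why the header check is still needed after the +x filter, and `data.bin` shows the remaining blind spot: a mode-0644 ELF object without a `.so` name is never examined.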


