Selinux

Tom Horsley horsley1953 at gmail.com
Mon May 2 00:10:08 UTC 2011


On Sun, 1 May 2011 19:58:36 -0400
Tom Horsley wrote:

> On Mon, 2 May 2011 00:49:33 +0100 (BST)
> Patrick Dupre wrote:
> 
> > The file ttt.so is generated by myself in user mode and I cannot access it.
> > This is strange!!
> > How can I get rid of this problem?
> 
> I've seen something like this before. I believe you have to
> add some flags when linking to mark the object file as
> promising not to execute on the stack. The default linker
> options don't do this, so SELinux assumes the worst.
> 
> I'm afraid I don't remember the details of how you add those
> flags though.

Found a good page on this. I bet you have some assembly code
as part of your library, and the source is missing the magic
voodoo to promise never to execute the stack, so they
taint the whole object file.

Here's a good reference (a Gentoo page, but not really
Gentoo specific):

http://www.gentoo.org/proj/en/hardened/gnu-stack.xml

