Selinux
Tom Horsley
horsley1953 at gmail.com
Mon May 2 00:10:08 UTC 2011
On Sun, 1 May 2011 19:58:36 -0400
Tom Horsley wrote:
> On Mon, 2 May 2011 00:49:33 +0100 (BST)
> Patrick Dupre wrote:
>
> > The file ttt.so is generated by myself in user mode and I cannot access it.
> > This is strange!!
> > How can I get rid of this problem?
>
> I've seen something like this before. I believe you have to
> add some flags when linking to mark the object file as
> promising not to execute on the stack. The default linker
> options don't do this, so selinux assumes the worst.
>
> I'm afraid I don't remember the details of how you add those
> flags though.

Found a good page on this. I bet you have some assembly code
as part of your library, and the source is missing the magic
voodoo to promise never to execute the stack, so they
taint the whole object file.

Here's a good reference (a gentoo page, but not really
gentoo specific):

http://www.gentoo.org/proj/en/hardened/gnu-stack.xml