Subject: Re: shared objects installed without execute permission bogus warning?
To: grant beattie <grant@NetBSD.org>
From: Todd Vierling <tv@duh.org>
List: tech-pkg
Date: 10/28/2004 09:55:37
On Thu, 28 Oct 2004, grant beattie wrote:
> > As I mentioned, there have been musings about various ways to reduce the
> > exposure of mmap's PROT_EXEC (on various Un*xen), and one such way is
> > reintroducing the inode execute permission bit as a constraint. That much
> > aside, the warnings encourage pkgsrc maintainers to fix third party software
> > to be more portable, which is a real-world gain.
>
> that assumes we want to a) actually do that, b) maintain such patches.
I presumed the answer to both was yes, based on Alistair's recommendation to
introduce [BSD_]INSTALL_LIB. I was planning on suggesting same to the
automake folks relatively soon, as well.
> as for platforms exposing mmap's PROT_EXEC, that's platform specific
> functionality and should be treated as such.
I probably spoke too technically on this, then. The point is to allow
execute permission on pages only from files also marked executable. mmap()
is just an implementation detail of that scheme.
> > [*] Which makes me wonder what the big deal is. It's just a few lines of
> > text in the build output; what is the problem? Would putting the code
> > in question under PKG_DEVELOPER=YES make it more palatable?
Based on other comments, I'll place the warning under PKG_DEVELOPER=YES (but
the chmod will still occur regardless of that setting, to ensure binary
package equivalence). Until and unless [BSD_]INSTALL_LIB is backed out of
pkgsrc, this functionality is not OPSYS-specific.
--
-- Todd Vierling <tv@duh.org> <tv@pobox.com>