bredzhang / shellinabox

Automatically exported from code.google.com/p/shellinabox

shellinabox is missing GNU_STACK option #41

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
I was trying to package shellinabox on Fedora, and rpmlint outputs the
following warning:
shellinabox.x86_64: W: executable-stack /usr/bin/shellinaboxd

I checked the binary with readelf -S, and it's missing a .note.GNU-STACK
option.

All object files have such a section, except for the css and html files
which are converted with objcopy. I suspect adding this section with
objcopy --add-section can resolve this, I haven't tried it though.

There's some more info about this on
http://www.gentoo.org/proj/en/hardened/gnu-stack.xml

Original issue reported on code.google.com by ruben%ti...@gtempaccount.com on 10 Dec 2009 at 3:41

GoogleCodeExporter commented 8 years ago
Fixed in Subversion -- I think. Unfortunately, I couldn't find any
documentation on what actually goes into this note, and objcopy doesn't
allow adding an empty file. So, I added a single zero-byte. If that
doesn't work, please try to dig up a link to documentation saying what
should be stored in this note.

Original comment by zod...@gmail.com on 10 Dec 2009 at 6:51

GoogleCodeExporter commented 8 years ago
Wow, that was fast!

This does indeed do the trick, tested with scanelf from pax-utils:

[ruben@slice shellinabox-2.10]$ scanelf -e shellinaboxd
 TYPE   STK/REL/PTL FILE
ET_EXEC RW- --- RW- shellinaboxd
[ruben@slice shellinabox-2.10]$ scanelf -e shellinaboxd.old
 TYPE   STK/REL/PTL FILE
ET_EXEC RWX --- RW- shellinaboxd.old

Thanks

Original comment by ruben%ti...@gtempaccount.com on 11 Dec 2009 at 1:31

GoogleCodeExporter commented 8 years ago
If you succeed in packaging from Fedora, would you mind contributing your
scripts to the project? I'd love to give all users the ability to build
native Fedora packages, even if they just downloaded the head of the
Subversion tree.

But I am not particularly familiar with what Fedora looks like these days.
In particular, I cannot figure out how to make SELinux sufficiently happy
that it does the right thing when shellinaboxd calls /bin/login.

Original comment by zod...@gmail.com on 11 Dec 2009 at 11:46