selinux execmem and sigaltstack
Kevin Kofler
kevin.kofler at chello.at
Wed Feb 13 08:24:35 UTC 2008
Adam Goode <adam <at> spicenitz.org> writes:
> Now Fedora 9 tightens the default selinux booleans and by default
> mprotect with PROT_EXEC will fail. I want to fix MLton upstream to work
Ouch, executable stacks are evil, the only reason you got away with it until
now is that it is a custom stack being allocated that way (the system-allocated
stack falls under "execstack" which is already banned by SELinux, with few
exceptions).
> correctly. Should I special case systems that require PROT_EXEC? Or is
Maybe the GCC and glibc folks (Jakub Jelinek, Ulrich Drepper, ...) can tell you
more, but IMHO special-casing the broken systems is the right thing to do if
you want to get the patch upstream. For a quick fix, in Fedora, you should be
able to simply patch out the PROT_EXEC entirely, parisc isn't a Fedora
architecture anyway.
Kevin Kofler
More information about the fedora-devel-list
mailing list