Reviewer needed: fix for JamVM's SElinux execstack issue for IcedTea6 HEAD

Dr Andrew John Hughes ahughes at redhat.com
Tue Aug 16 06:44:33 PDT 2011 

On 17:46 Fri 12 Aug     , Xerxes Rånby wrote:
> fre 2011-08-12 klockan 17:16 +0200 skrev Pavel Tisnovsky:
> > Greetings,
> > 
> > as Omair and Xerxes pointed out yesterday, the SELinux executable stack
> > issue found in JamVM running under Fedora 14 x86_64 is caused by linker
> > settings. I've tried to add LDFLAGS to disable the settings of
> > executable bit for stack and it works perfectly in my case.
> > 
> > Can anybody please review this simple fix I've made in Makefile.am?
> > AFAIK the proposed linker settings is applicable to all platforms.
> > 
> > Here's ChangeLog entry:
> > 
> > 2011-08-12  Pavel Tisnovsky  <ptisnovs at redhat.com>
> > 
> >         * Makefile.am: added LDFLAGS for JamVM to fix the SELinux
> >         executable flag issue.
> > 
> > Cheers,
> > Pavel
> > vanligt textdokument-bilaga (jamvm_execstack_hg.diff)
> > diff -r 4c641e5e379d Makefile.am
> > --- a/Makefile.am	Thu Aug 11 16:48:40 2011 +0200
> > +++ b/Makefile.am	Fri Aug 12 11:06:23 2011 -0400
> > @@ -1811,6 +1811,7 @@
> >  stamps/jamvm.stamp: $(OPENJDK_TREE) stamps/rt.stamp
> >  if BUILD_JAMVM
> >  	cd jamvm/jamvm && \
> > +	LDFLAGS="-Xlinker -z -Xlinker noexecstack" \
> >  	./autogen.sh --with-java-runtime-library=openjdk \
> >  	  --prefix=$(abs_top_builddir)/jamvm/install ; \
> >  	$(MAKE) ; \
> 
> Nice fix, i would suggest to add a NEWS entry.
> 
> Pushing this and having the buildbots build and test JamVM on all
> various combinations of distributions and various default gcc settings
> are the only sane way to know if these linker flags can introduce any
> sideffects.
> 
> In in favour for you to push this fix to icedtea6, icedtea7 and the
> icedtea branch, thanks.
> 
> Cheers,
> Xerxes
> 

It's probably worth also getting this fixed upstream in JamVM.
-- 
Andrew :)

Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)

Support Free Java!
Contribute to GNU Classpath and IcedTea
http://www.gnu.org/software/classpath
http://icedtea.classpath.org
PGP Key: F5862A37 (https://keys.indymedia.org/)
Fingerprint = EA30 D855 D50F 90CD F54D  0698 0713 C3ED F586 2A37

More information about the distro-pkg-dev mailing list