[openssl.org #1595] [Bug] Text relocations in optimized libcrypto.so

2007-10-22 Thread Simon Vallet via RT
Hi, it appears the optimized versions of libcrypto.so.0.9.8 still contain text relocations -- this makes selinux complain about 'execmod' permissions: avc: denied { execmod } for pid=1875 comm=ntpdate \ path=/usr/lib/i686/cmov/libcrypto.so.0.9.8 dev=sda8 ino=325290 \

Re: 0.9.8g testsuite failure: BN_GF2m_mod_mul

2007-10-22 Thread Andy Polyakov
You're correct, it seems to be a compiler optimization issue. Forcing the openssl build to use -O1 instead of -O3 (-O2 also fails) resolves the issue. This does not appear to be a problem with the same version of the compiler on another 64-bit platform, Linux x86_64, so at first blush it appears

Re: [openssl.org #1595] [Bug] Text relocations in optimized libcrypto.so

2007-10-22 Thread Andy Polyakov via RT
it appears the optimized versions of libcrypto.so.0.9.8 still contain text relocations -- this makes selinux complain about 'execmod' permissions: avc: denied { execmod } for pid=1875 comm=ntpdate \ path=/usr/lib/i686/cmov/libcrypto.so.0.9.8 dev=sda8 ino=325290 \

Diffie-Hellman failure with some RFC3526 primes

2007-10-22 Thread Matthias Koenig
Hi, since openssl release 0.9.8f the test suite of ipsec-tools test suite fails in the Diffie-Hellman test which uses the openssl DH API. The calculated shared secret does not match. The problem appears only with some primes from the modular exponential (modp) exponential groups as specified

Re: [openssl.org #1595] [Bug] Text relocations in optimized libcrypto.so

2007-10-22 Thread Simon Vallet via RT
Hi, On 10/22/07, Andy Polyakov via RT [EMAIL PROTECTED] wrote: avc: denied { execmod } for pid=1875 comm=ntpdate \ path=/usr/lib/i686/cmov/libcrypto.so.0.9.8 dev=sda8 ino=325290 \ scontext=system_u:system_r:initrc_t:s0 \ tcontext=system_u:object_r:lib_t:s0 tclass=file

Re: Diffie-Hellman failure with some RFC3526 primes

2007-10-22 Thread Andy Polyakov
since openssl release 0.9.8f the test suite of ipsec-tools test suite fails in the Diffie-Hellman test which uses the openssl DH API. The calculated shared secret does not match. The problem appears only with some primes from the modular exponential (modp) exponential groups as specified in

Re: [openssl.org #1595] [Bug] Text relocations in optimized libcrypto.so

2007-10-22 Thread Kurt Roeckx
On Mon, Oct 22, 2007 at 12:07:30PM +0200, Simon Vallet via RT wrote: Hi, On 10/22/07, Andy Polyakov via RT [EMAIL PROTECTED] wrote: avc: denied { execmod } for pid=1875 comm=ntpdate \ path=/usr/lib/i686/cmov/libcrypto.so.0.9.8 dev=sda8 ino=325290 \

Re: [openssl.org #1595] [Bug] Text relocations in optimized libcrypto.so

2007-10-22 Thread Andy Polyakov
Looking at the build system, it seems the culprits are the following files: crypto/x86cpuid-elf.s crypto/des/dx86-elf.s crypto/aes/ax86-elf.s crypto/bf/bx86-elf.s Well, these .o files can contain relocations, but they get resolved and *disappear* when libcrypto.so is linked. If you want

Re: [openssl.org #1451] PATCH (Re: Cross compile OpenSSL in Linux using MinGW32)

2007-10-22 Thread Alon Bar-Lev via RT
Hello OpenSSL developers, Any reason why not merge the patch into snapshots? http://rt.openssl.org/Ticket/Display.html?id=1451 It is important for people who wish to compile to Microsoft platform without using any Microsoft resources. Best Regards, Alon Bar-Lev

Re: [openssl.org #1595] [Bug] Text relocations in optimized libcrypto.so

2007-10-22 Thread Simon Vallet via RT
Hi again, On 10/22/07, Simon Vallet [EMAIL PROTECTED] wrote: As mentioned, I don't have access to the box or the build log right now, but I think -Wa,--noexecstack was indeed specified in configure, and I think the generated .so do in fact contain text relocs. I will check this manually

Re: [openssl.org #1595] [Bug] Text relocations in optimized libcrypto.so

2007-10-22 Thread Simon Vallet via RT
It appears I answered too quickly... On 10/23/07, Simon Vallet [EMAIL PROTECTED] wrote: Hi again, On 10/22/07, Simon Vallet [EMAIL PROTECTED] wrote: As mentioned, I don't have access to the box or the build log right now, but I think -Wa,--noexecstack was indeed specified in configure,