Andrew Lentvorski wrote:
> Gus Wirth wrote:
>> As a side note, they have some interesting stuff about their build
>> process, like statically linking libstdc++.so.6 and problems with text
>> relocations.
>
> This was enlightening:
>
> "For number 1, we embarked on a new adventure to build a super-special
> custom toolchain that builds libstdc++.so.6 just right so that it can be
> static linked with the plugin without those nagging textrels. The ASM
> optimization bits are giving us some problems but Tinic thinks he has a
> way to make those functions play ball in order to create a fast binary.
> So now the plugin works on hardened Linux or SELinux or whatever the
> right buzzword is; it works with a Linux distro that uses the security
> feature of randomizing a program's base address."
>
> And that is a fine example of why I immediately turn off SELinux.

But doesn't this mean the hardening and/or SELinux are working properly?
In other words, the idea is to randomize loading locations in memory in
order to prevent buffer overflow attacks in a known location. If you
have to turn it off, that means your app can't be used in a hardened
environment and you jeopardize the rest of the machine.

I think the guys at Adobe/Macromedia should be praised for making sure
this works in a hardened environment. Despite the fact that Flash itself
is evil :)

Gus
--
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list