> it appears the optimized versions of libcrypto.so.0.9.8 still contain
> text relocations -- this makes selinux complain about 'execmod'
> permissions:
>
> avc: denied { execmod } for pid=1875 comm="ntpdate" \
> path="/usr/lib/i686/cmov/libcrypto.so.0.9.8" dev=sda8 ino=325290 \
> scontext=system_u:system_r:initrc_t:s0 \
> tcontext=system_u:object_r:lib_t:s0 tclass=file

How do you map this message to "still contain text relocations"?

> Looking at the build system, it seems the culprits are the following
> files:
>
> crypto/x86cpuid-elf.s
> crypto/des/dx86-elf.s
> crypto/aes/ax86-elf.s
> crypto/bf/bx86-elf.s

Well, these .o files can contain relocations, but they get resolved and
*disappear* when libcrypto.so is linked. If you want confirmation that
they disappear, run 'readelf -r libcrypto.so' and verify that no
relocations are accounted to the .text segment [you'd have to run 'readelf
-e libcrypto.so' to find where .text is located].

The problem is more likely to be that OpenSSL assembler modules don't
have the special comment that marks the stack segment non-executable. It's
tricky to figure out when this is allowed, so if it is required we
recommend configuring with the -Wa,--noexecstack option instead.

A.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
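
The two properties discussed in this thread, text relocations and the stack marking, can both be read from a shared object's dynamic section and program headers. The following is an added example, not part of the original message or of OpenSSL: it reports whether an ELF file declares text relocations (DT_TEXTREL or DF_TEXTREL) and how its PT_GNU_STACK header marks the stack. The names `audit_elf` and `sample_elf32` are hypothetical, and the sample images are constructed, headers-only files.

```python
import struct

PT_DYNAMIC, PT_GNU_STACK, PF_X = 2, 0x6474E551, 0x1
DT_NULL, DT_TEXTREL, DT_FLAGS, DF_TEXTREL = 0, 22, 30, 0x4

def audit_elf(data):
    """Return (has_textrel, stack); stack is 'exec', 'noexec' or 'unmarked'."""
    if data[:4] != b"\x7fELF" or data[5:6] != b"\x01":
        raise ValueError("not a little-endian ELF file")
    is64 = data[4] == 2  # EI_CLASS: 1 = ELF32, 2 = ELF64
    phoff, = struct.unpack_from("<Q" if is64 else "<I", data, 32 if is64 else 28)
    phentsize, phnum = struct.unpack_from("<HH", data, 54 if is64 else 42)
    textrel, stack = False, "unmarked"
    for i in range(phnum):
        off = phoff + i * phentsize
        if is64:  # ELF64 places p_flags right after p_type
            p_type, p_flags, p_offset, _, _, p_filesz = struct.unpack_from("<IIQQQQ", data, off)
        else:
            p_type, p_offset, _, _, p_filesz, _, p_flags = struct.unpack_from("<7I", data, off)
        if p_type == PT_GNU_STACK:
            stack = "exec" if p_flags & PF_X else "noexec"
        elif p_type == PT_DYNAMIC:
            # Walk the (d_tag, d_val) pairs until DT_NULL.
            dyn = data[p_offset:p_offset + p_filesz]
            for tag, val in struct.iter_unpack("<qQ" if is64 else "<iI", dyn):
                if tag == DT_NULL:
                    break
                if tag == DT_TEXTREL or (tag == DT_FLAGS and val & DF_TEXTREL):
                    textrel = True
    return textrel, stack

def sample_elf32(textrel, stack_flags):
    """Constructed, headers-only ELF32 image; stack_flags=None omits PT_GNU_STACK."""
    phnum = 1 if stack_flags is None else 2
    ehdr = b"\x7fELF\x01\x01\x01" + bytes(9) + struct.pack(
        "<HHIIIIIHHHHHH", 3, 3, 1, 0, 52, 0, 0, 52, 32, phnum, 0, 0, 0)
    dyn = (struct.pack("<iI", DT_TEXTREL, 0) if textrel else b"") + struct.pack("<iI", DT_NULL, 0)
    phdrs = struct.pack("<8I", PT_DYNAMIC, 52 + 32 * phnum, 0, 0, len(dyn), len(dyn), 6, 4)
    if stack_flags is not None:
        phdrs += struct.pack("<8I", PT_GNU_STACK, 0, 0, 0, 0, 0, stack_flags, 4)
    return ehdr + phdrs + dyn

if __name__ == "__main__":
    print(audit_elf(sample_elf32(True, None)))  # text relocations, no stack marking
    print(audit_elf(sample_elf32(False, 6)))    # no text relocations, stack RW only
```

To check a real library, pass the file's bytes, for example `audit_elf(open(path, "rb").read())`.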