[MPlayer-dev-eng] Mplayer: PT_GNU_STACK RWE
Ivan Gyurdiev
ivg2 at cornell.edu
Wed Feb 23 12:41:26 CET 2005
On Wed, 2005-02-23 at 11:06 +0100, Reimar Döffinger wrote:
>Hi,
>On Tue, Feb 22, 2005 at 09:20:12PM -0500, Ivan Gyurdiev wrote:
>> It would be a lot easier to write the mplayer security policy
>> if it didn't require executable stack.
>
>Just try what it break if it doesn't get it and tell us. Anyway one case
>where it was really needed (one of the software scalers) was recently
>fixed.
Well, the thing is, if it's marked RWE, and it isn't granted
the appropriate privileges in SELinux, it doesn't work at all.
The problem is, I think, that the kernel translates all PROT_READ
requests in mmap and mprotect to PROT_READ | PROT_EXEC for things
marked PT_GNU_STACK RWE, or for things missing PT_GNU_STACK.
At that point anything without special permissions won't even link,
so it doesn't work at all.
mplayer could be granted those privileges, but that shouldn't be
necessary if it doesn't need them.
>Chances are that even if it needs it you wont notice it because you
>don't need that particular feature ;-).
Well, if that's the case then I don't know how me testing it will help.
If you're saying this only occurs for some less frequently features,
then you (the developers) are probably more qualified to find out
what they are.
I think linking with -z noexecstack should fix it - not sure.
--
Ivan Gyurdiev <ivg2 at cornell.edu>
Cornell University
More information about the MPlayer-dev-eng
mailing list