Ivan Gyurdiev ivg2 at
Wed Feb 23 04:42:34 CET 2005

Hi, I've subscribed to this list just to post this one question.

The gpg binary is marked with PT_GNU_STACK RWE.
This creates problems for the SELinux strict policy, and requires that
special privileges be granted for gpg as a "legacy domain".

The question is, does gpg really require an executable stack?

I'm not a gcc expert of any kind, but from what I've read I understand
that asm code causes gcc to mark the binary as requiring an executable
stack. I think it can be overridden with ld -z noexecstack.

It would be a lot easier to write the gpg security policy
if it didn't require an executable stack.

Ivan Gyurdiev <ivg2 at>
Cornell University
