gpg: PT_GNU_STACK RWE
Ivan Gyurdiev
ivg2 at cornell.edu
Wed Feb 23 04:42:34 CET 2005
Hi, I've subscribed to this list just to post this one question.
The gpg binary is marked with PT_GNU_STACK RWE.
This creates problems for the SELinux strict policy, and requires that
special privileges be granted for gpg as a "legacy domain".
The question is, does gpg really require an executable stack?
I'm not a gcc expert of any kind, but from what I've read I understand
that asm code causes gcc to mark the binary as requiring an executable
stack. I think it can be overridden with ld -z noexecstack.
It would be a lot easier to write the gpg security policy
if it didn't require an executable stack.
--
Ivan Gyurdiev <ivg2 at cornell.edu>
Cornell University