gpg: PT_GNU_STACK RWE
ivg2 at cornell.edu
Wed Feb 23 04:42:34 CET 2005
Hi, I've subscribed to this list just to post this one question.
The gpg binary is marked with PT_GNU_STACK RWE.
This creates problems for the SELinux strict policy, and requires that
special privileges be granted for gpg as a "legacy domain".
The question is, does gpg really require an executable stack?
I'm not a gcc expert of any kind, but from what I've read I understand
that asm code causes gcc to mark the binary as requiring executable
stack. I think it can be overridden with ld -z noexecstack.
It would be a lot easier to write the gpg security policy
if it didn't require executable stack.
Ivan Gyurdiev <ivg2 at cornell.edu>
More information about the Gnupg-devel