[cochiselinux] exec-shield and compile problems

  • From: <prevettl@xxxxxxxxxxxx>
  • To: cochiselinux@xxxxxxxxxxxxx
  • Date: Wed, 14 Sep 2005 09:46:08 -0700

I had some trouble getting some older programs
to compile on FC2. gforth, for instance, was
giving me compiler errors like:

# in file included from *the terminal*:0
# *evaluated string*:-1: images produced by different engines
# comp-image ./temp-image.fi1 ./temp-image.fi2 gforth.fi bye
#                                             ^^^^^^^^^

This apparently has to do with new security enhancements
in RH9 through current releases: "exec-shield" and
"exec-shield-randomize" have been put in to make buffer
overflows less likely.

Some details on exec-shield:
  http://www.redhat.com/f/pdf/rhel/WHP0006US_Execshield.pdf
  http://people.redhat.com/drepper/nonselsec.pdf

So I turned exec-shield and exec-shield-randomize off
to get the programs to compile (configure, make, no make install).

  echo 0 > /proc/sys/kernel/exec-shield
  echo 0 > /proc/sys/kernel/exec-shield-randomize

Then I turned them back on and the programs seem to
run just fine.

  echo 1 > /proc/sys/kernel/exec-shield
  echo 1 > /proc/sys/kernel/exec-shield-randomize

I'm just now trying to figure out what the consequences
of doing this are. For instance, is exec-shield unable
to protect programs that have been compiled with exec-shield
off? Or is exec-shield still going to work for those programs
(like gforth)?

Anyone else have any experience with this?
Is exec-shield worth all the trouble?
Any ideas on a better way to handle these programs
that won't compile?

lp



--------------------------------------------------------------------
Cochise Linux Users Group Mailing List - cochiselinux@xxxxxxxxxxxxx
For more information:  http://www.cochiselinux.org
To unsubscribe: //www.freelists.org/list/cochiselinux
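
The toggle-build-restore procedure from the message above, as an added example that is not part of the original post: a wrapper that saves the current values of both settings, writes 0 for the duration of one command, and puts the saved values back even when the build fails. The function name `with_exec_shield_off` and the `EXEC_SHIELD_DIR` override are assumptions introduced here; on the system described in the post the directory is /proc/sys/kernel and the wrapper must run as root.

```shell
#!/bin/sh
# Added example, not from the original post.
# EXEC_SHIELD_DIR is a hypothetical override so the wrapper can be tried
# against a scratch directory; the post's real location is /proc/sys/kernel.
EXEC_SHIELD_DIR="${EXEC_SHIELD_DIR:-/proc/sys/kernel}"

# Write the saved values back to both settings.
_es_restore() {
    echo "$old_es" > "$es"
    echo "$old_esr" > "$esr"
}

# Usage: with_exec_shield_off make
# Runs the command with both settings at 0 and returns the command's status.
with_exec_shield_off() {
    es="$EXEC_SHIELD_DIR/exec-shield"
    esr="$EXEC_SHIELD_DIR/exec-shield-randomize"

    # Stop before changing anything if a setting is missing or read-only.
    for f in "$es" "$esr"; do
        [ -w "$f" ] || { echo "cannot write $f" >&2; return 2; }
    done

    # Remember what was configured instead of assuming it was 1.
    old_es=$(cat "$es") || return 2
    old_esr=$(cat "$esr") || return 2

    # An interrupted build must not leave the protections switched off.
    trap '_es_restore' INT TERM HUP

    echo 0 > "$es"
    echo 0 > "$esr"

    # Subshell: an 'exit' inside the command cannot skip the restore.
    status=0
    ( "$@" ) || status=$?

    _es_restore
    trap - INT TERM HUP
    return "$status"
}
```

The settings are system-wide, so every process started while the command runs is also started with them at 0; the wrapper only shortens that window and guarantees the restore.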
