Subject: Re: shared objects installed without execute permission bogus warning?
To: grant beattie <grant@NetBSD.org>
From: Todd Vierling <firstname.lastname@example.org>
Date: 10/27/2004 20:39:22
On Thu, 28 Oct 2004, grant beattie wrote:
> > I want to make sure all packages are watched for improper permissions [on
> > all platforms using ELF/a.out-style shlibs] so that the package maintainers
> > will fix these things. Even if some platforms have loose permissions, it is
> > a bug, and should not be foisted upon just one person or a small group of
> > persons to clean up everyone else's mess.
> that's precisely why I suggested the change.
> we are now effectively forcing our ways on users/platforms that
> relaxed such requirements a long time ago, for absolutely *no* gain.
As I mentioned, there have been musings about various ways to reduce the
exposure of mmap's PROT_EXEC (on various Un*xen), and one such way is
reintroducing the inode execute permission bit as a constraint. That much
aside, the warnings encourage pkgsrc maintainers to fix third party software
to be more portable, which is a real-world gain.
You can certainly feel free to ignore the warnings. They don't hurt you,
and certainly don't cause the software to break on such "relaxed"
platforms.[*] But they do offer a way to ensure that the bug gets noticed.
[*] Which makes me wonder what the big deal is. It's just a few lines of
text in the build output; what is the problem? Would putting the code
in question under PKG_DEVELOPER=YES make it more palatable?
-- Todd Vierling <email@example.com> <firstname.lastname@example.org>