Subject: Re: shared objects installed without execute permission bogus warning?
To: grant beattie <>
From: Todd Vierling <>
List: tech-pkg
Date: 10/27/2004 20:39:22
On Thu, 28 Oct 2004, grant beattie wrote:

> > I want to make sure all packages are watched for improper permissions [on
> > all platforms using ELF/a.out-style shlibs] so that the package maintainers
> > will fix these things.  Even if some platforms have loose permissions, it is
> > a bug, and should not be foisted upon just one person or a small group of
> > persons to clean up everyone else's mess.
> that's precisely why I suggested the change.
> we are now effectively forcing our ways on users/platforms that
> relaxed such requirements a long time ago, for absolutely *no* gain.

As I mentioned, there have been musings about various ways to reduce the
exposure of mmap's PROT_EXEC (on various Un*xen), and one such way is
reintroducing the inode execute permission bit as a constraint.  That much
aside, the warnings encourage pkgsrc maintainers to fix third party software
to be more portable, which is a real-world gain.

You can certainly feel free to ignore the warnings.  They don't hurt you,
and certainly don't cause the software to break on such "relaxed"
platforms.[*]  But they do offer a way to ensure that the bug gets noticed.


[*] Which makes me wonder what the big deal is.  It's just a few lines of
    text in the build output; what is the problem?  Would putting the code
    in question under PKG_DEVELOPER=YES make it more palatable?

-- Todd Vierling <> <>