nixpkgs

History

Ruud van Asseldonk 8b6a9202e7 libressl: build libcrypto with noexecstack For some reasons, libcrypto would be built with the executable stack flag set. I found out about this when Nginx failed to load the shared library, because I was running it with MemoryDenyWriteExecute=true, which does not permit executable stacks. I am not sure why the stack ends up executable; the other shared libraries which are part of LibreSSL do not have this flag set. You can verify this with 'execstack -q'. Non-executable stacks should be the default, and from checking some other files, that does appear to be the case. The LibreSSL sources do not contain the string "execstack", so I am not sure what causes the default to be overridden. Adding '-z noexecstack' to the linker flags makes the linker unset the flag. Now my Nginx can load the library, and so far I have not run into other issues.	2019-08-10 22:21:57 +02:00
..
default.nix	libressl: build libcrypto with noexecstack	2019-08-10 22:21:57 +02:00

Ruud van Asseldonk 8b6a9202e7 libressl: build libcrypto with noexecstack

For some reasons, libcrypto would be built with the executable stack
flag set. I found out about this when Nginx failed to load the shared
library, because I was running it with MemoryDenyWriteExecute=true,
which does not permit executable stacks.

I am not sure why the stack ends up executable; the other shared
libraries which are part of LibreSSL do not have this flag set. You can
verify this with 'execstack -q'. Non-executable stacks should be the
default, and from checking some other files, that does appear to be the
case. The LibreSSL sources do not contain the string "execstack", so
I am not sure what causes the default to be overridden.

Adding '-z noexecstack' to the linker flags makes the linker unset the
flag. Now my Nginx can load the library, and so far I have not run into
other issues.

2019-08-10 22:21:57 +02:00

default.nix

libressl: build libcrypto with noexecstack

2019-08-10 22:21:57 +02:00