[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Fwd: Re: [Tinycc-devel] re: Selinux patch fixup]

From: grischka
Subject: [Fwd: Re: [Tinycc-devel] re: Selinux patch fixup]
Date: Tue, 27 Apr 2010 13:29:56 +0200
User-agent: Thunderbird (Windows/20090812)

---------- Forwarded to the list ----------

From: Henry Kroll III <address@hidden>

On Mon, 2010-04-26 at 01:08 +0200, grischka wrote:
Anyway, do what you need to feel comfortable, and don't forget to tell
us what new features we now have and how people can try them out, at
some point.

The new options (*nix only)
* (Option) --with-selinux
* (Option) --disable-static

Todo: make sure these "options" don't interfere with what's already


        I should really add a line that says these options won't work
        with win32 builds. It could be built as a .dll however, that is
        over my head at the moment.

        --disable-static is not a very good descriptive name. I think it
        should be --enable-shared, but people will expect
        --disable-static because so many other packages use it. :|

        On *nix, these patches make static library, libtcc.a become a
        shared library, libtcc.so.1.0 with links to libtcc.so and
        libtcc.so.1. These extra links are apparently necessary for
        linking against the library and loading it dynamically. The
        file, libtcc_test is built dynamically against this library and
        apparently works, loading the library, which now optionally
        works under Selinux with --with-selinux, also known by me as the
        mmap patch...

        Also incompatible with win32, this patch works by (optionally)
        using mmap instead of malloc...return (*prog_main)(argc, argv).
        Essentially, a /tmp file is created +wx and then immediately
        unlinked, so no files remain if the process decides to take a
        dump. Some memory is allocated for reading and writing through
        this (non-existent) file pointer. After that is done, memory can
        be accessed through 2 randomized pointers, one of them can be
        written. The other can be executed. The docs on this say an
        attacker will have a tough time writing and executing the same
        block of memory, thus making programs written for tcc -run more
        secure...I guess they are right. I certainly feel more secure
        after wading through all these docs.

        At least it gets around errors that Selinux pops up when tcc
        -run is attempted on Fedora. The errors basically say that I am
        trying to write to and execute the same block of memory and that
        it has been disallowed. These changes work around these errors
        in the recommended way.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]