[Mageia-dev] executable libraries

Guillaume Rousse guillomovitch at gmail.com
Sat Mar 3 13:45:37 CET 2012


Le 02/03/2012 22:01, Per Øyvind Karlsen a écrit :
> Den 21:51 2. mars 2012 skrev Maarten Vanraes<alien at rmail.be>  følgende:
>> Op vrijdag 02 maart 2012 21:29:05 schreef Anssi Hannula:
>>> 02.03.2012 21:57, Maarten Vanraes kirjoitti:
>>>> Op vrijdag 02 maart 2012 15:22:23 schreef Anssi Hannula:
>>>>> 02.03.2012 00:17, Maarten Vanraes kirjoitti:
>>>>>> Op donderdag 01 maart 2012 23:05:35 schreef Anssi Hannula:
>>>>>> [...]
>>>>>>
>>>>>>>> does this mean debug info fails for these?
>>>>>>>
>>>>>>> I'm not immediately sure (I never remember how the debug/stripping
>>>>>>> stuff works exactly), but I think either a) debug symbols extraction
>>>>>>> and thus -debug packaging, b) stripping, or c) both will fail with
>>>>>>> non-executable shared libs.
>>>>>>
>>>>>> in that case i guess we would need a policy or bs check to make sure we
>>>>>> don't fail some libraries debug and strip
>>>>>
>>>>> Possibly.
>>>>>
>>>>> Interestingly, Debian policy disallows executable permission on shared
>>>>> libs:
>>>>> http://www.debian.org/doc/debian-policy/ch-sharedlibs.html#s-sharedlibs-
>>>>> ru ntime
>>>>>
>>>>> "Shared libraries should not be installed executable, since the dynamic
>>>>> linker does not require this and trying to execute a shared library
>>>>> usually results in a core dump."
>>>>
>>>> which is sort of strange, since libc is actually executable by design.
>>>>
>>>> i see where they are coming from
>>>>
>>>> but i guess the first part of this is, why is there a find with
>>>> executable restrictions for the code relating to stripped binaries and
>>>> debug?
>>>>
>>>> is it because it's also used for real executables?
>>>
>>> I guess it is there just to speed up the process, otherwise it would
>>> have to run 'file' for every file in the package (and many packages have
>>> lots of files).
>>
>> still, it seems kind of weird, there are rpmlint checks for unstripped
>> libraries, but i do have 34 libraries not marked as executable, while the
>> stripping+ debug seems to target only executables?
>>
>> i wonder if we should make another check library unset as executable or even
>> check what happened with these libraries not marked as executable?
> I posted a link to a rpmlint patch implementing such a check to this thread two
> hours ago.. :p
I don't much point to a check, when a rpm-helper scriptlet would be able 
to automatically enforce any given permission set.

-- 
Mines are equal opportunity weapons
		-- Murphy's Military Laws n°55


More information about the Mageia-dev mailing list