From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by nuthatch.gentoo.org with esmtp (Exim 4.50) id 1EU9vC-0000GM-Rv for garchives@archives.gentoo.org; Mon, 24 Oct 2005 21:31:59 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.13.5/8.13.5) with SMTP id j9OLToFV017748; Mon, 24 Oct 2005 21:29:50 GMT Received: from mail.nagafix.co.uk (mail.nagafix.co.uk [194.145.196.85]) by robin.gentoo.org (8.13.5/8.13.5) with ESMTP id j9OLTn7h017538 for ; Mon, 24 Oct 2005 21:29:49 GMT Received: by mail.nagafix.co.uk (Postfix, from userid 65534) id 00C30AEF82; Tue, 25 Oct 2005 04:35:36 +0100 (BST) Received: from localhost (localhost [127.0.0.1]) by mail.nagafix.co.uk (Postfix) with ESMTP id 2B0A1AEF83 for ; Tue, 25 Oct 2005 04:35:36 +0100 (BST) Received: from mail.nagafix.co.uk ([127.0.0.1]) by localhost (viper.nagafix.co.uk [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 10705-13 for ; Tue, 25 Oct 2005 04:35:32 +0100 (BST) Received: from [192.168.0.2] (host-87-74-41-228.bulldogdsl.com [87.74.41.228]) by mail.nagafix.co.uk (Postfix) with ESMTP id E32FCAEF82 for ; Tue, 25 Oct 2005 04:35:31 +0100 (BST) Subject: Re: [gentoo-hardened] mysql 4.1 requires shlib_t:file execmod? From: Antoine Martin To: gentoo-hardened@lists.gentoo.org In-Reply-To: <435D6D0E.27558.B0591158@pageexec.freemail.hu> References: <435D021A.9571.AEB74AE1@pageexec.freemail.hu> <435D6D0E.27558.B0591158@pageexec.freemail.hu> Content-Type: text/plain Organization: Nagafix Ltd Date: Mon, 24 Oct 2005 22:29:43 +0100 Message-Id: <1130189383.17424.11.camel@localhost.localdomain> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-hardened@gentoo.org Reply-to: gentoo-hardened@lists.gentoo.org Mime-Version: 1.0 X-Mailer: Evolution 2.2.3 (2.2.3-2.fc4) Content-Transfer-Encoding: 7bit X-Virus-Scanned: amavisd-new at viper.nagafix.co.uk X-Spam-Checker-Version: SpamAssassin 3.0.4-gr0 (2005-06-05) on viper.nagafix.co.uk X-Spam-Level: X-Spam-Status: No, score=-0.2 required=5.0 tests=AWL,DATE_IN_PAST_06_12 autolearn=no version=3.0.4-gr0 X-Archives-Salt: fc9177d0-b0a8-495f-9e5f-85b32a1c5d28 X-Archives-Hash: a39b4d62ad9c7f7ab0424f67f9ab7a29 On Mon, 2005-10-24 at 23:23 +0200, pageexec@freemail.hu wrote: > On 24 Oct 2005 at 20:15, Antoine Martin wrote: > > But this is not the right way to do it, I admit this is only a very tiny > > security risk, but I would much rather figure out a way to fix the > > library to not require execmod. No other library requires it, and the > > previous version of mysql I was using (4.0) didn't either. > > indeed, the underlying reason is what we remedied, or so i > thought so i'm all the more curious how you ended up with > textrels again. fwiw, i can't find any DES related symbols > in 4.1.14 and 5.0.13, so i'm wondering if it's USE flag > dependent maybe (in which case mysql is probably statically > linking a crypto library). what are yours? USE="-X mysql sasl ipv6 nptl hardened" dev-db/mysql-4.1.14 +berkdb -big-tables -cluster -debug -doc -extraengine -geometry -minimal +perl +readline +selinux +ssl -static +tcpd -utf8 Antoine -- gentoo-hardened@gentoo.org mailing list