Bug report on yate-core: accfile.yate crashes with exit status 139

Tzafrir Cohen tzafrir.cohen at xorcom.com
Thu Jun 27 09:21:33 UTC 2013


Hi,

Thanks for your reply,

On Thu, Jun 27, 2013 at 11:26:54AM +0300, Paul Chitescu wrote:
> On Thursday 27 June 2013 10:21:22 am Tzafrir Cohen wrote:
> > On Wed, Jun 26, 2013 at 01:38:05PM -0400, Alexandre Rebert wrote:
> > > Hi,
> > >
> > > We found a crash in accfile.yate contained in the yate-core package. You
> > > are being
> > >
> > >
> > > The bug report that will be submitted to the bug tracker is available at
> > > the following url:
> > >
> > >  
> > > http://www.forallsecure.com/bug-reports/c4d2fdf3067e4fd5a9783f2df52daba63
> > >f8a334d/
> >
> > So the issue here is that yate modules are executable, but should not
> > be, right?
> >
> > (Thanks to Dekkers on #yate).
> >
> > I figure it is fixable in the Debian packaging, but better be fixed in
> > the Upstream install procedure. Didn't look in either, though.
> 
> Hi!
> 
> The problem here lies with the automated test script that tries to execute 
> blindly any ELF that's marked executable (I assume those having .so in name 
> are excepted).

They are shared objects that are loaded using dlopen() or similar. Is
there any requirement (on any platform) that they would be executable?

Other packages with such loadable modules on my system don't have them
executable.

> 
> On Linux the Yate modules are ELF shared objects and they are marked 
> executable by the linker. However, they are placed away from $PATH in a 
> separate subdirectory so noone should try to execute them directly.
> 
> Note that there are platforms where security rules dictate a shared object is 
> not loaded if it's not marked executable so please leave them untouched.

What platforms? How do other programs with loadable modules deal with
it?

-- 
               Tzafrir Cohen
icq#16849755              jabber:tzafrir.cohen at xorcom.com
+972-50-7952406           mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com



More information about the Pkg-voip-maintainers mailing list