cURL
Haxx ad
libcurl
Mailing Lists

curl's project page on SourceForge.net

Sponsors:
Haxx

cURL > Mailing List > Monthly Index > Single Mail

curl-tracker mailing list Archives

[ curl-Bugs-2940646 ] text relocation breaks SElinux security for http on redhat

From: SourceForge.net <noreply_at_sourceforge.net>
Date: Sun, 31 Jan 2010 22:35:00 +0000

Bugs item #2940646, was opened at 2010-01-27 02:34
Message generated for change (Comment added) made by bagder
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=2940646&group_id=976

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: http
Group: portability problem
>Status: Pending
Resolution: None
Priority: 5
Private: No
Submitted By: j i (jivers)
Assigned to: Daniel Stenberg (bagder)
Summary: text relocation breaks SElinux security for http on redhat

Initial Comment:
SE Linux error on Centos 5 (open redhat enterprise clone)

Info on how to fix
http://people.redhat.com/drepper/selinux-mem.html documents this security hole

The httpd application attempted to load /usr/local/lib/libcurl.so.4.1.1 which requires text relocation. This is a potential security problem. Most libraries do not need this permission. Libraries are sometimes coded incorrectly and request this permission. The SELinux Memory Protection Tests web page explains how to remove this requirement. You can configure SELinux temporarily to allow /usr/local/lib/libcurl.so.4.1.1 to use relocation as a workaround, until the library is fixed. Please file a bug report against this package.

----------------------------------------------------------------------

Comment By: Daniel Stenberg (bagder)
Date: 2010-01-31 23:35

Message:
Thanks for reporting this issue and helping us improve curl and libcurl.

We're awaiting feedback in this issue. Due to this, I have set the state
of this issue to pending and it will automatically get closed later on
unless we get further info.

Please consider answering the outstanding questions or providing the
missing info so that we can proceed to resolve this issue!

----------------------------------------------------------------------

Comment By: Daniel Stenberg (bagder)
Date: 2010-01-27 09:32

Message:
Sorry, I read the link you mention but I clearly am too slow or stupid.

Can you please tell me exactly what the bad parts are in libcurl, like
what function calls or line numbers or something and what you say we should
do about them?

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=2940646&group_id=976
Received on 2010-01-31

These mail archives are generated by hypermail.

donate! Page updated November 12, 2010.
web site info

File upload with ASP.NET