From lurker-index@localhost Wed Apr 27 23:32:42 2016 Date: Wed, 27 Apr 2016 23:32:42 +0200 From: Miroslav Rovis To: Good Guy Subject: Re: [Re: [CinCV TNG] Building in Gentoo Message-ID: <20160427213242.GD32227@g0n> References: <20160427172235.GB32227@g0n> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="zbGR4y+acU1DwHSi" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.23+116 (55ea6e829b46) (2014-03-12) --zbGR4y+acU1DwHSi Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 160427-13:05-0600, Good Guy wrote: > > I hoped setting: > > > > export LDFLAGS+=3D-Wl,-z,noexecstack > > > > in the terminal where I compiled Cinelerra-5.1 would compile it the > > right way. > > >=20 > I am not familiar with noexecstack, but it may be used to enforce the > nx bit (no execute). if it is, it is not likely that I would be able > to tell if it works or not but, for what its worth, here is a way to > give it a try. >=20 > cd cinelerra5/cinelerra-5.1 > echo "EXTRA_LIBS +=3D -lva" >> global_config > echo "EXTRA_LIBS +=3D -Wl,-z,noexecstack" >> global_config > sed -e '1,1c#!/usr/bin/python2.7' -i guicast/bccmdl.py > sed -e '/^bcxfer.C:/,+1s/python/python2.7/' -i guicast/Makefile > ./configure shared > make >& log So all is as before just this line was to be added: > echo "EXTRA_LIBS +=3D -Wl,-z,noexecstack" >> global_config=20 > And I did so, in that place. And ran all of it as usual. > I tried this line in global_config to apply the -Wl,-z,noexecstack flag > to the cinelerra link. It did compile and link in fedora23, and I > can see the flags was used in cinelerra-5.1/x86_64/objs. it is not > clear if it works, the effect is seen in the page tables, not user space. > It does work. make produced no errors, and Cinelerra 5.1 almost ran! > This feature is pretty exotic, and may not be of practical use, since > most people who own their computer already know the root password. root is obsolete. Have a look at linux capabilities man page... What Torvalds put in! For what? For whom? Read what spender, the developer of grsecurity writes about linux capabilities I have to interrupt myself here. What I fear they would do, they just started doing. They have removed, and from all my posts on Gentoo Forums, today I think, all my signatures. In all my posts, it was, as any other member's signature, added in bottom of the post, just like here (which is a saved page): A Firewalled Internet Access to Internal Subnet http://www.croatiafidelis.hr/foss/cap/cap-160321-NAT/for-Gentoo-folks/Gento= oForums_topic_Firewalled-Internet-to-subnet.html Miroslav Rovis Zagreb, Croatia http://www.CroatiaFidelis.hr Try refute: rootkit hooks in kernel, [ contains link: http://www.crmbuyer.com/story/39565.html of title "Developer Raps Linux Security" ] linux capabilities for intrusion? (Linus?) [ contains link: https://forums.grsecurity.net/viewtopic.php?f=3D7&t=3D2522 of title "False Boundaries and Arbitrary Code Execution" ] And that has, I think today, been removed from all of my posts on Gentoo Forums. Interruption over. [Read what spender, the developer of grsecurity writes about linux capabilities] wrote: False Boundaries and Arbitrary Code Execution https://forums.grsecurity.net/viewtopic.php?f=3D7&t=3D2522 So, the below, I don't think it's not useful for anybody who does not want to be owned... > It is most useful for institutional systems, and I am not sure cinelerra > would be in use in these cases. Given the hack at Sony studios, > maybe... maybe.... anyhow, it is sort of interesting, hope it is useful > for you. > But let me explain how Cinelerra started and why it exited. But let me start clean, too many digression above. In the next message. >=20 > On Wed, Apr 27, 2016 at 11:22 AM, Miroslav Rovis < > miro.rovis@croatiafidelis.hr> wrote: >=20 > > I pulled the changes and recompiled a few times, with the attempt below. > > > > I hoped setting: --=20 Miroslav Rovis Zagreb, Croatia http://www.CroatiaFidelis.hr --zbGR4y+acU1DwHSi Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJXIS/6AAoJEOqYhIhPuvCuBa0P/iGdm6LHlbD4qNGhtMV5Uu7m NwDlu0XGF4VGWgiKC1lMbhHmGw7R8DFLysDortSakc7w8AEaLNdrLJrUX4JbukG9 7yq4eZv8+PlwBNqWxLd74xpNaKgZONJoiOmLWDqbOFvGuPLowJDBGEeF4PdKnekR Jl9PBI3pfTag8ekbS0GlFYVvZWUHYLb/P+XKl9EeTEHIkP3HK94cW2duPlKhHuun 8EnZLIzlY6btufmigpXO2ztx+/SsAuatKIJMn9L+4RM2hUDBmZe+J+1aN1kvtQMY uLSsVDNF8R6f6c+4ahaFCspmxGSwgfr3/kfO5rBL1LtkSgAnI1oISKuveyWnzk9g RDBLdF9q14h6mmbRFpZC5uo1rcLtrYlp/Hkw9BREzZ1766wZFiQgrCBPq1ArLt0c 0mSwL8zbJC7g/Olz/Jn+4aVSxZIy0gLbb1qJEznDzWVkBvmhU7TMzzdVRV+y7txd SwyEAY8lbzTMvCO1Ipipi70MeQ5TY+d0Q+QeVZQuHcnUkFfH47fgxYnxNQe2lIVv xAQ9Rt5RsS9rDUJIVNPlvaxMQXP+83P12hJCBUlT93d4/mqhDr5lyMO5Gxyv3wjP cUVFRWGqhuzoT52vIfgPSlpUcGPQvzVJaaOyKOrpf46ss5NW+aSDTBITqEgzhMXg SlVNQCv7DBPG7h4pG25r =o3EJ -----END PGP SIGNATURE----- --zbGR4y+acU1DwHSi--