Bugs item #2940646, was opened at 2010-01-27 01:34
Message generated for change (Settings changed) made by sf-robot
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=2940646&group_id=976

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: http
Group: portability problem
>Status: Closed
Resolution: None
Priority: 5
Private: No
Submitted By: j i (jivers)
Assigned to: Daniel Stenberg (bagder)
Summary: text relocation breaks SElinux security for http on redhat

Initial Comment:
SE Linux error on Centos 5 (open redhat enterprise clone)

Info on how to fix
http://people.redhat.com/drepper/selinux-mem.html documents this security hole

The httpd application attempted to load /usr/local/lib/libcurl.so.4.1.1 which requires text relocation. This is a potential security problem. Most libraries do not need this permission. Libraries are sometimes coded incorrectly and request this permission. The SELinux Memory Protection Tests web page explains how to remove this requirement. You can configure SELinux temporarily to allow /usr/local/lib/libcurl.so.4.1.1 to use relocation as a workaround, until the library is fixed. Please file a bug report against this package.

----------------------------------------------------------------------

>Comment By: SourceForge Robot (sf-robot)
Date: 2010-02-15 02:20

Message:
This Tracker item was closed automatically by the system. It was
previously set to a Pending status, and the original submitter
did not respond within 14 days (the time period specified by
the administrator of this Tracker).

----------------------------------------------------------------------

Comment By: Daniel Stenberg (bagder)
Date: 2010-01-31 22:35

Message:
Thanks for reporting this issue and helping us improve curl and libcurl.

We're awaiting feedback in this issue. Due to this, I have set the state of
this issue to pending and it will automatically get closed later on unless
we get further info.

Please consider answering the outstanding questions or providing the
missing info so that we can proceed to resolve this issue!

----------------------------------------------------------------------

Comment By: Daniel Stenberg (bagder)
Date: 2010-01-27 08:32

Message:
Sorry, I read the link you mention but I clearly am too slow or stupid.

Can you please tell me exactly what the bad parts are in libcurl, like what
function calls or line numbers or something and what you say we should do
about them?

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=2940646&group_id=976
Received on 2010-02-15