snowflake-client has executable stack
Running this command shows that the snowflake-client binary has an executable stack:
$ readelf -W -l TorBrowser/Tor/PluggableTransports/snowflake-client | grep GNU_STACK
GNU_STACK 0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RWE 0x10(RWE should be RW when the stack is not executable)
Activity
Hmm, looking at the go linker it seems like PT_GNU_STACK should be set: https://golang.org/src/cmd/link/internal/ld/elf.go#L240
The proxy-go instances have the same problem, but the broker does not:
$ readelf -W -l broker Program Headers: Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align GNU_STACK 0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RW 0x8I wonder if this has something to do with CGO
Trac:
Owner: N/A to cohosh
Status: new to assigned-
Yep, it's a cgo thing.
The solution here is to add the
noexecstackcgo LD flag to go-webrtc:#cgo LDFLAGS: -L${SRCDIR}/lib -z noexecstackHowever, this will currently throw an error because of golang's whitelist on linker and compiler options. This can be solved by setting the environment variable
CGO_LDFLAGS_ALLOWto a regex that recognizes the-z noexecstackoption.I'll work on a patch for this.
-
I created a pull request for go-webrtc: https://github.com/keroserene/go-webrtc/pull/105
I've also attached a patch to this ticket, we'll have to wait until the above pull request is accepted before we can test if it works so I'll leave this as assigned until then.
This seems to be something to review for us? Setting the respective keyword. So, is this just a Linux issue or not? comment:4 seems to suggest so, but the patch touches non-Linux parts as well (like in the
goconfig file) which confuses me.Trac:
Keywords: N/A deleted, TorBrowserTeam201905R added
Status: needs_review to needs_information-
Replying to gk:
This seems to be something to review for us? Setting the respective keyword. So, is this just a Linux issue or not? comment:4 seems to suggest so, but the patch touches non-Linux parts as well (like in the
goconfig file) which confuses me.That was my bad, I forgot to make the environment variable change for linux only. I uploaded a new version of the patch that should fix this.
Trac:
Status: needs_information to needs_review -
Per chat with cohosh: I'd take the patch if there is an upcoming release anyway but I'd prefer if we can get the fix merged upstream as any additional patch we need in
tor-browser-buildis a bug we should try to fix. I heard there are folks in Cc to this ticket who are able to review and push the pull request. Let's try to go that route first with a new patch that just updates thego-webrtccommit once the patch landed.Trac:
Status: needs_review to needs_revision
Keywords: TorBrowserTeam201905R deleted, TorBrowserTeam201905 added -
It turns out there's an easier way to handle this by putting the cgo directives into an environment variable. I attached a new version of the patch to this ticket.
My reasoning for putting this in
projects/go/configas opposed to justprojects/go-webrtc/configis that this problem will occur in all go projects that use cgo, and it also allows us to use the template build scriptprojects/go/var/build_go_libingo-webrtc.Trac:
Status: needs_revision to needs_review -
Replying to cohosh:
It turns out there's an easier way to handle this by putting the cgo directives into an environment variable. I attached a new version of the patch to this ticket.
My reasoning for putting this in
projects/go/configas opposed to justprojects/go-webrtc/configis that this problem will occur in all go projects that use cgo, and it also allows us to use the template build scriptprojects/go/var/build_go_libingo-webrtc.Nice! Looks good to me. Applied to
tor-browser-build'smaster(commit 24f585bf1851bfa022128a5b587b7c0940ec775c).Trac:
Status: needs_review to closed
Resolution: N/A to fixed