On 160427-13:05-0600, Good Guy wrote:
> > I hoped setting:
> >
> > export LDFLAGS+=-Wl,-z,noexecstack
> >
> > in the terminal where I compiled Cinelerra-5.1 would compile it the
> > right way.
> >
>
> I am not familiar with noexecstack, but it may be used to enforce the
> nx bit (no execute). if it is, it is not likely that I would be able
> to tell if it works or not but, for what its worth, here is a way to
> give it a try.
>
> cd cinelerra5/cinelerra-5.1
> echo "EXTRA_LIBS += -lva" >> global_config
> echo "EXTRA_LIBS += -Wl,-z,noexecstack" >> global_config
> sed -e '1,1c#!/usr/bin/python2.7' -i guicast/bccmdl.py
> sed -e '/^bcxfer.C:/,+1s/python/python2.7/' -i guicast/Makefile
> ./configure shared
> make >& log
So all is as before just this line was to be added:
> echo "EXTRA_LIBS += -Wl,-z,noexecstack" >> global_config
>
And I did so, in that place. And ran all of it as usual.
> I tried this line in global_config to apply the -Wl,-z,noexecstack flag
> to the cinelerra link. It did compile and link in fedora23, and I
> can see the flags was used in cinelerra-5.1/x86_64/objs. it is not
> clear if it works, the effect is seen in the page tables, not user space.
>
It does work. make produced no errors, and Cinelerra 5.1 almost ran!
> This feature is pretty exotic, and may not be of practical use, since
> most people who own their computer already know the root password.
root is obsolete. Have a look at linux capabilities man page... What
Torvalds put in! For what? For whom? Read what spender, the developer of
grsecurity writes about linux capabilities
I have to interrupt myself here. What I fear they would do, they just
started doing. They have removed, and from all my posts on Gentoo
Forums, today I think, all my signatures. In all my posts, it was, as
any other member's signature, added in bottom of the post, just like
here (which is a saved page):
A Firewalled Internet Access to Internal Subnet
http://www.croatiafidelis.hr/foss/cap/cap-160321-NAT/for-Gentoo-folks/GentooForums_topic_Firewalled-Internet-to-subnet.html
Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr
Try refute: rootkit hooks in kernel,
[ contains link:
http://www.crmbuyer.com/story/39565.html of title
"Developer Raps Linux Security" ]
linux capabilities for intrusion? (Linus?)
[ contains link:
https://forums.grsecurity.net/viewtopic.php?f=7&t=2522
of title "False Boundaries and Arbitrary Code Execution" ]
And that has, I think today, been removed from all of my posts on Gentoo
Forums.
Interruption over.
[Read what spender, the developer of grsecurity writes about linux
capabilities] wrote:
False Boundaries and Arbitrary Code Execution
https://forums.grsecurity.net/viewtopic.php?f=7&t=2522
So, the below, I don't think it's not useful for anybody who does not
want to be owned...
> It is most useful for institutional systems, and I am not sure cinelerra
> would be in use in these cases. Given the hack at Sony studios,
> maybe... maybe.... anyhow, it is sort of interesting, hope it is useful
> for you.
>
But let me explain how Cinelerra started and why it exited.
But let me start clean, too many digression above. In the next message.
>
> On Wed, Apr 27, 2016 at 11:22 AM, Miroslav Rovis <
> miro.rovis@???> wrote:
>
> > I pulled the changes and recompiled a few times, with the attempt below.
> >
> > I hoped setting:
--
Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr
(text/plain)