On Wed, Aug 17, 2016 at 11:35:30AM -0700, Jeremy Evans wrote:
> On 08/17 08:03, Adam Wolk wrote:
> > Hi ports@,
> >
> > I bumped my snapshot yesterday (yeah it was long coming) and after the upgrade
> > my rails app started crashing. It's served by nginx in this specific case but
> > that doesn't matter for this specific issue.
> >
> > The app loads the ruby racer gem which is a binding to v8 which obviously
> > contains a JIT and violates W^X.
> >
> > I recompiled my lang/ruby with the wxneeded annotation and everything works
> > again with one significant issue. The configure check fails by trying to execute
> > a binary marked wxneeded outside the /usr/local mountpoint (/usr/pobj in this
> > case). I passed compilation after moving my pobj to a wxneeded mountpoint.
> >
> > I'm CC'ing the port maintainer and adding my local patch. Should we mark the
> > binaries as wxneeded and if yes how do we handle configure failing in default
> > pobj location setup?
>
> Adam,
>
> I'm on the fence about this. Basically, you are asking all users of ruby to
> accept additional insecurity, because you want to use an extension that most
> users of ruby are not using.
>
> As an occasional user of therubyracer, I can understand your frustration.
> I think a better solution would be to allow users that want to allow W|X
> to mark such executables themselves, instead of forcing all users to
> accept insecurity for the convenience of a few. However, I'm not
> qualified to determine if that is a feasible idea.
>
I'm not frustrated about it, just hit it on local & patched my local ruby. I
don't need this outside local development so I'm not pushing/demanding this
change to be committed. Mostly I saw the python thread and thought that ruby
would be a similar frequent case that people hit and it's good to discuss what
we should do about it.

> Now, ruby is not a special flower. This issue affects similar software
> such as python, and we made a similar change for python a few days ago.
> For consistency purposes, it would make sense to make this change for
> ruby if we are making it for python. Because of that, if another
> developer OKs it, I will commit it (after testing of course).
>
> Thanks,
> Jeremy
>
> >
> > Regards,
> > Adam
>

Fine with me. I'm also OK just maintaining my local change if this doesn't
impact anyone else.