|
yann@2437
|
1 |
With latest versions of glibc, a lot of apps failed on a PaX enabled
|
|
yann@2437
|
2 |
system with:
|
|
yann@2437
|
3 |
cannot enable executable stack as shared object requires: Permission denied
|
|
yann@2437
|
4 |
|
|
yann@2437
|
5 |
This is due to PaX 'exec-protecting' the stack, and ld.so then trying
|
|
yann@2437
|
6 |
to make the stack executable due to some libraries not containing the
|
|
yann@2437
|
7 |
PT_GNU_STACK section. Bug #32960. <azarah@gentoo.org> (12 Nov 2003).
|
|
yann@2437
|
8 |
|
|
yann@2437
|
9 |
Patch also NPTL. Bug #116086. <kevquinn@gentoo.org> (20 Dec 2005).
|
|
yann@2437
|
10 |
|
|
yann@2437
|
11 |
diff -durN glibc-2.12.1.orig/nptl/allocatestack.c glibc-2.12.1/nptl/allocatestack.c
|
|
yann@2437
|
12 |
--- glibc-2.12.1.orig/nptl/allocatestack.c 2009-01-29 21:34:16.000000000 +0100
|
|
yann@2437
|
13 |
+++ glibc-2.12.1/nptl/allocatestack.c 2009-11-13 00:50:33.000000000 +0100
|
|
yann@2437
|
14 |
@@ -329,7 +329,8 @@
|
|
yann@2437
|
15 |
# error "Define either _STACK_GROWS_DOWN or _STACK_GROWS_UP"
|
|
yann@2437
|
16 |
#endif
|
|
yann@2437
|
17 |
if (mprotect (stack, len, PROT_READ | PROT_WRITE | PROT_EXEC) != 0)
|
|
yann@2437
|
18 |
- return errno;
|
|
yann@2437
|
19 |
+ if (errno != EACCES) /* PAX is enabled */
|
|
yann@2437
|
20 |
+ return errno;
|
|
yann@2437
|
21 |
|
|
yann@2437
|
22 |
return 0;
|
|
yann@2437
|
23 |
}
|
|
yann@2437
|
24 |
diff -durN glibc-2.12.1.orig/sysdeps/unix/sysv/linux/dl-execstack.c glibc-2.12.1/sysdeps/unix/sysv/linux/dl-execstack.c
|
|
yann@2437
|
25 |
--- glibc-2.12.1.orig/sysdeps/unix/sysv/linux/dl-execstack.c 2006-01-08 09:21:15.000000000 +0100
|
|
yann@2437
|
26 |
+++ glibc-2.12.1/sysdeps/unix/sysv/linux/dl-execstack.c 2009-11-13 00:50:33.000000000 +0100
|
|
yann@2437
|
27 |
@@ -63,7 +63,10 @@
|
|
yann@2437
|
28 |
else
|
|
yann@2437
|
29 |
# endif
|
|
yann@2437
|
30 |
{
|
|
yann@2437
|
31 |
- result = errno;
|
|
yann@2437
|
32 |
+ if (errno == EACCES) /* PAX is enabled */
|
|
yann@2437
|
33 |
+ result = 0;
|
|
yann@2437
|
34 |
+ else
|
|
yann@2437
|
35 |
+ result = errno;
|
|
yann@2437
|
36 |
goto out;
|
|
yann@2437
|
37 |
}
|
|
yann@2437
|
38 |
}
|
|
yann@2437
|
39 |
@@ -89,7 +92,12 @@
|
|
yann@2437
|
40 |
page -= size;
|
|
yann@2437
|
41 |
else
|
|
yann@2437
|
42 |
{
|
|
yann@2437
|
43 |
- if (errno != ENOMEM) /* Unexpected failure mode. */
|
|
yann@2437
|
44 |
+ if (errno == EACCES) /* PAX is enabled */
|
|
yann@2437
|
45 |
+ {
|
|
yann@2437
|
46 |
+ result = 0;
|
|
yann@2437
|
47 |
+ goto out;
|
|
yann@2437
|
48 |
+ }
|
|
yann@2437
|
49 |
+ else if (errno != ENOMEM) /* Unexpected failure mode. */
|
|
yann@2437
|
50 |
{
|
|
yann@2437
|
51 |
result = errno;
|
|
yann@2437
|
52 |
goto out;
|
|
yann@2437
|
53 |
@@ -115,7 +123,12 @@
|
|
yann@2437
|
54 |
page += size;
|
|
yann@2437
|
55 |
else
|
|
yann@2437
|
56 |
{
|
|
yann@2437
|
57 |
- if (errno != ENOMEM) /* Unexpected failure mode. */
|
|
yann@2437
|
58 |
+ if (errno == EACCES) /* PAX is enabled */
|
|
yann@2437
|
59 |
+ {
|
|
yann@2437
|
60 |
+ result = 0;
|
|
yann@2437
|
61 |
+ goto out;
|
|
yann@2437
|
62 |
+ }
|
|
yann@2437
|
63 |
+ else if (errno != ENOMEM) /* Unexpected failure mode. */
|
|
yann@2437
|
64 |
{
|
|
yann@2437
|
65 |
result = errno;
|
|
yann@2437
|
66 |
goto out;
|