| author | "Yann E. MORIN" <yann.morin.1998@free.fr> |
| Tue Jul 31 22:27:29 2012 +0200 (2012-07-31) | |
| changeset 3018 | 7776e8369284 |
| permissions | -rw-r--r-- |
| yann@1625 | 1 |
With latest versions of glibc, a lot of apps failed on a PaX enabled |
| yann@1625 | 2 |
system with: |
| yann@1625 | 3 |
cannot enable executable stack as shared object requires: Permission denied |
| yann@1625 | 4 |
|
| yann@1625 | 5 |
This is due to PaX 'exec-protecting' the stack, and ld.so then trying |
| yann@1625 | 6 |
to make the stack executable due to some libraries not containing the |
| yann@1625 | 7 |
PT_GNU_STACK section. Bug #32960. <azarah@gentoo.org> (12 Nov 2003). |
| yann@1625 | 8 |
|
| yann@1625 | 9 |
Patch also NPTL. Bug #116086. <kevquinn@gentoo.org> (20 Dec 2005). |
| yann@1625 | 10 |
|
| yann@1625 | 11 |
diff -durN glibc-2.10.1.orig/nptl/allocatestack.c glibc-2.10.1/nptl/allocatestack.c |
| yann@1625 | 12 |
--- glibc-2.10.1.orig/nptl/allocatestack.c 2009-01-29 21:34:16.000000000 +0100 |
| yann@1625 | 13 |
+++ glibc-2.10.1/nptl/allocatestack.c 2009-11-13 00:50:33.000000000 +0100 |
| yann@1625 | 14 |
@@ -326,7 +326,8 @@ |
| yann@1625 | 15 |
# error "Define either _STACK_GROWS_DOWN or _STACK_GROWS_UP" |
| yann@1625 | 16 |
#endif |
| yann@1625 | 17 |
if (mprotect (stack, len, PROT_READ | PROT_WRITE | PROT_EXEC) != 0) |
| yann@1625 | 18 |
- return errno; |
| yann@1625 | 19 |
+ if (errno != EACCES) /* PAX is enabled */ |
| yann@1625 | 20 |
+ return errno; |
| yann@1625 | 21 |
|
| yann@1625 | 22 |
return 0; |
| yann@1625 | 23 |
} |
| yann@1625 | 24 |
diff -durN glibc-2.10.1.orig/sysdeps/unix/sysv/linux/dl-execstack.c glibc-2.10.1/sysdeps/unix/sysv/linux/dl-execstack.c |
| yann@1625 | 25 |
--- glibc-2.10.1.orig/sysdeps/unix/sysv/linux/dl-execstack.c 2006-01-08 09:21:15.000000000 +0100 |
| yann@1625 | 26 |
+++ glibc-2.10.1/sysdeps/unix/sysv/linux/dl-execstack.c 2009-11-13 00:50:33.000000000 +0100 |
| yann@1625 | 27 |
@@ -63,7 +63,10 @@ |
| yann@1625 | 28 |
else |
| yann@1625 | 29 |
# endif |
| yann@1625 | 30 |
{
|
| yann@1625 | 31 |
- result = errno; |
| yann@1625 | 32 |
+ if (errno == EACCES) /* PAX is enabled */ |
| yann@1625 | 33 |
+ result = 0; |
| yann@1625 | 34 |
+ else |
| yann@1625 | 35 |
+ result = errno; |
| yann@1625 | 36 |
goto out; |
| yann@1625 | 37 |
} |
| yann@1625 | 38 |
} |
| yann@1625 | 39 |
@@ -89,7 +92,12 @@ |
| yann@1625 | 40 |
page -= size; |
| yann@1625 | 41 |
else |
| yann@1625 | 42 |
{
|
| yann@1625 | 43 |
- if (errno != ENOMEM) /* Unexpected failure mode. */ |
| yann@1625 | 44 |
+ if (errno == EACCES) /* PAX is enabled */ |
| yann@1625 | 45 |
+ {
|
| yann@1625 | 46 |
+ result = 0; |
| yann@1625 | 47 |
+ goto out; |
| yann@1625 | 48 |
+ } |
| yann@1625 | 49 |
+ else if (errno != ENOMEM) /* Unexpected failure mode. */ |
| yann@1625 | 50 |
{
|
| yann@1625 | 51 |
result = errno; |
| yann@1625 | 52 |
goto out; |
| yann@1625 | 53 |
@@ -115,7 +123,12 @@ |
| yann@1625 | 54 |
page += size; |
| yann@1625 | 55 |
else |
| yann@1625 | 56 |
{
|
| yann@1625 | 57 |
- if (errno != ENOMEM) /* Unexpected failure mode. */ |
| yann@1625 | 58 |
+ if (errno == EACCES) /* PAX is enabled */ |
| yann@1625 | 59 |
+ {
|
| yann@1625 | 60 |
+ result = 0; |
| yann@1625 | 61 |
+ goto out; |
| yann@1625 | 62 |
+ } |
| yann@1625 | 63 |
+ else if (errno != ENOMEM) /* Unexpected failure mode. */ |
| yann@1625 | 64 |
{
|
| yann@1625 | 65 |
result = errno; |
| yann@1625 | 66 |
goto out; |