|
yann@1625
|
1 |
With latest versions of glibc, a lot of apps failed on a PaX enabled
|
|
yann@1625
|
2 |
system with:
|
|
yann@1625
|
3 |
cannot enable executable stack as shared object requires: Permission denied
|
|
yann@1625
|
4 |
|
|
yann@1625
|
5 |
This is due to PaX 'exec-protecting' the stack, and ld.so then trying
|
|
yann@1625
|
6 |
to make the stack executable due to some libraries not containing the
|
|
yann@1625
|
7 |
PT_GNU_STACK section. Bug #32960. <azarah@gentoo.org> (12 Nov 2003).
|
|
yann@1625
|
8 |
|
|
yann@1625
|
9 |
Patch also NPTL. Bug #116086. <kevquinn@gentoo.org> (20 Dec 2005).
|
|
yann@1625
|
10 |
|
|
yann@1625
|
11 |
diff -durN glibc-2.10.1.orig/nptl/allocatestack.c glibc-2.10.1/nptl/allocatestack.c
|
|
yann@1625
|
12 |
--- glibc-2.10.1.orig/nptl/allocatestack.c 2009-01-29 21:34:16.000000000 +0100
|
|
yann@1625
|
13 |
+++ glibc-2.10.1/nptl/allocatestack.c 2009-11-13 00:50:33.000000000 +0100
|
|
yann@1625
|
14 |
@@ -326,7 +326,8 @@
|
|
yann@1625
|
15 |
# error "Define either _STACK_GROWS_DOWN or _STACK_GROWS_UP"
|
|
yann@1625
|
16 |
#endif
|
|
yann@1625
|
17 |
if (mprotect (stack, len, PROT_READ | PROT_WRITE | PROT_EXEC) != 0)
|
|
yann@1625
|
18 |
- return errno;
|
|
yann@1625
|
19 |
+ if (errno != EACCES) /* PAX is enabled */
|
|
yann@1625
|
20 |
+ return errno;
|
|
yann@1625
|
21 |
|
|
yann@1625
|
22 |
return 0;
|
|
yann@1625
|
23 |
}
|
|
yann@1625
|
24 |
diff -durN glibc-2.10.1.orig/sysdeps/unix/sysv/linux/dl-execstack.c glibc-2.10.1/sysdeps/unix/sysv/linux/dl-execstack.c
|
|
yann@1625
|
25 |
--- glibc-2.10.1.orig/sysdeps/unix/sysv/linux/dl-execstack.c 2006-01-08 09:21:15.000000000 +0100
|
|
yann@1625
|
26 |
+++ glibc-2.10.1/sysdeps/unix/sysv/linux/dl-execstack.c 2009-11-13 00:50:33.000000000 +0100
|
|
yann@1625
|
27 |
@@ -63,7 +63,10 @@
|
|
yann@1625
|
28 |
else
|
|
yann@1625
|
29 |
# endif
|
|
yann@1625
|
30 |
{
|
|
yann@1625
|
31 |
- result = errno;
|
|
yann@1625
|
32 |
+ if (errno == EACCES) /* PAX is enabled */
|
|
yann@1625
|
33 |
+ result = 0;
|
|
yann@1625
|
34 |
+ else
|
|
yann@1625
|
35 |
+ result = errno;
|
|
yann@1625
|
36 |
goto out;
|
|
yann@1625
|
37 |
}
|
|
yann@1625
|
38 |
}
|
|
yann@1625
|
39 |
@@ -89,7 +92,12 @@
|
|
yann@1625
|
40 |
page -= size;
|
|
yann@1625
|
41 |
else
|
|
yann@1625
|
42 |
{
|
|
yann@1625
|
43 |
- if (errno != ENOMEM) /* Unexpected failure mode. */
|
|
yann@1625
|
44 |
+ if (errno == EACCES) /* PAX is enabled */
|
|
yann@1625
|
45 |
+ {
|
|
yann@1625
|
46 |
+ result = 0;
|
|
yann@1625
|
47 |
+ goto out;
|
|
yann@1625
|
48 |
+ }
|
|
yann@1625
|
49 |
+ else if (errno != ENOMEM) /* Unexpected failure mode. */
|
|
yann@1625
|
50 |
{
|
|
yann@1625
|
51 |
result = errno;
|
|
yann@1625
|
52 |
goto out;
|
|
yann@1625
|
53 |
@@ -115,7 +123,12 @@
|
|
yann@1625
|
54 |
page += size;
|
|
yann@1625
|
55 |
else
|
|
yann@1625
|
56 |
{
|
|
yann@1625
|
57 |
- if (errno != ENOMEM) /* Unexpected failure mode. */
|
|
yann@1625
|
58 |
+ if (errno == EACCES) /* PAX is enabled */
|
|
yann@1625
|
59 |
+ {
|
|
yann@1625
|
60 |
+ result = 0;
|
|
yann@1625
|
61 |
+ goto out;
|
|
yann@1625
|
62 |
+ }
|
|
yann@1625
|
63 |
+ else if (errno != ENOMEM) /* Unexpected failure mode. */
|
|
yann@1625
|
64 |
{
|
|
yann@1625
|
65 |
result = errno;
|
|
yann@1625
|
66 |
goto out;
|