yann@2437: 	With latest versions of glibc, a lot of apps failed on a PaX enabled
yann@2437: 	system with:
yann@2437: 		 cannot enable executable stack as shared object requires: Permission denied
yann@2437: 	
yann@2437: 	This is due to PaX 'exec-protecting' the stack, and ld.so then trying
yann@2437: 	to make the stack executable due to some libraries not containing the
yann@2437: 	PT_GNU_STACK section.  Bug #32960.  <azarah@gentoo.org> (12 Nov 2003).
yann@2437: 
yann@2437: 	Patch also NPTL. Bug #116086. <kevquinn@gentoo.org> (20 Dec 2005).
yann@2437: 
yann@2437: diff -durN glibc-2.12.1.orig/nptl/allocatestack.c glibc-2.12.1/nptl/allocatestack.c
yann@2437: --- glibc-2.12.1.orig/nptl/allocatestack.c	2009-01-29 21:34:16.000000000 +0100
yann@2437: +++ glibc-2.12.1/nptl/allocatestack.c	2009-11-13 00:50:33.000000000 +0100
yann@2437: @@ -329,7 +329,8 @@
yann@2437:  # error "Define either _STACK_GROWS_DOWN or _STACK_GROWS_UP"
yann@2437:  #endif
yann@2437:    if (mprotect (stack, len, PROT_READ | PROT_WRITE | PROT_EXEC) != 0)
yann@2437: -    return errno;
yann@2437: +    if (errno != EACCES) /* PAX is enabled */
yann@2437: +    	return errno;
yann@2437:  
yann@2437:    return 0;
yann@2437:  }
yann@2437: diff -durN glibc-2.12.1.orig/sysdeps/unix/sysv/linux/dl-execstack.c glibc-2.12.1/sysdeps/unix/sysv/linux/dl-execstack.c
yann@2437: --- glibc-2.12.1.orig/sysdeps/unix/sysv/linux/dl-execstack.c	2006-01-08 09:21:15.000000000 +0100
yann@2437: +++ glibc-2.12.1/sysdeps/unix/sysv/linux/dl-execstack.c	2009-11-13 00:50:33.000000000 +0100
yann@2437: @@ -63,7 +63,10 @@
yann@2437:        else
yann@2437:  # endif
yann@2437:  	{
yann@2437: -	  result = errno;
yann@2437: +	  if (errno == EACCES)  /* PAX is enabled */
yann@2437: +	    result = 0;
yann@2437: +	  else
yann@2437: +	    result = errno;
yann@2437:  	  goto out;
yann@2437:  	}
yann@2437:      }
yann@2437: @@ -89,7 +92,12 @@
yann@2437:  	page -= size;
yann@2437:        else
yann@2437:  	{
yann@2437: -	  if (errno != ENOMEM)	/* Unexpected failure mode.  */
yann@2437: +	  if (errno == EACCES)		/* PAX is enabled */
yann@2437: +	    {
yann@2437: +	      result = 0;
yann@2437: +	      goto out;
yann@2437: +	    }
yann@2437: +	  else if (errno != ENOMEM)	/* Unexpected failure mode.  */
yann@2437:  	    {
yann@2437:  	      result = errno;
yann@2437:  	      goto out;
yann@2437: @@ -115,7 +123,12 @@
yann@2437:  	page += size;
yann@2437:        else
yann@2437:  	{
yann@2437: -	  if (errno != ENOMEM)	/* Unexpected failure mode.  */
yann@2437: +	  if (errno == EACCES)		/* PAX is enabled */
yann@2437: +	    {
yann@2437: +	      result = 0;
yann@2437: +	      goto out;
yann@2437: +	    }
yann@2437: +	  else if (errno != ENOMEM)	/* Unexpected failure mode.  */
yann@2437:  	    {
yann@2437:  	      result = errno;
yann@2437:  	      goto out;