Bug#301135: libc6: libacl/libcrypto/libasound all have PT_GNU_STACK enabled on them in glibc 2.3.4-1
On Wed, Mar 23, 2005 at 06:10:44PM -0500, Brad Spengler wrote:
> Package: libc6
> Version: 2.3.4-1
> Severity: important
>
>
> libacl/libcrypto/libasound all have PT_GNU_STACK enabled on them in
> glibc 2.3.4-1, making them request an executable stack when none is
> needed. This severely breaks a PaX system and effectively backdoors
> most applications on systems using exec-shield.
>
> Here's the relevant readelf -e output for libacl. It would be wise for
> debian to check all packages for these same kinds of problems now to
> avoid causing lots of problems later when glibc 2.3.4 goes into
> unstable. Since this problem causes security features to be silently
> disabled in the case of exec-shield, it is a security issue in addition
> to a large usability problem in the case of PaX.
>
> Program Headers:
> Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align
> LOAD 0x000000 0x00000000 0x00000000 0x051b6 0x051b6 R E 0x1000
> LOAD 0x0051b8 0x000061b8 0x000061b8 0x001dc 0x001fc RW 0x1000
> DYNAMIC 0x0051cc 0x000061cc 0x000061cc 0x000e0 0x000e0 RW 0x4
> STACK 0x000000 0x00000000 0x00000000 0x00000 0x00000 RWE 0x4
Why is this a bug in glibc 2.3.4? Why is it even related to glibc
2.3.4? Those libraries are not part of glibc.
--
Daniel Jacobowitz
CodeSourcery, LLC
Reply to: