libgcrypt11 has an executable stack
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libgcrypt11 (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: libgcrypt11
libgcrypt11 has an executable stack. This should probably be removed. This is doable in a variety of ways[1], but the easiest seems to be simply disabling the use of assembly code. This saves us the trouble of auditing it for actual code that wants an executable stack (as opposed to deciding it "looks like it works without it" and just taking it away and waiting to see if some obscure user breaks it in the future).
bluefox@
X /usr/lib/
The DEB_CONFIGURE_
#DEB_CONFIGURE_
DEB_DH_STRIP_ARGS = --dbg-package=
DEB_DH_
#Don't use inline assembly cruft
DEB_CONFIGURE_
bluefox@
- debian/
Oddly enough...
bluefox@
lrwxrwxrwx 1 bluefox bluefox 19 2006-06-09 17:39 debian/
-rw-r--r-- 1 bluefox bluefox 310348 2006-06-09 17:39 debian/
bluefox@
lrwxrwxrwx 1 root root 19 2006-05-22 17:53 /usr/lib/
-rw-r--r-- 1 root root 310348 2005-10-28 05:16 /usr/lib/
The sha1sums are different, but the size is the same. Weird. *shrug*
This issue was discovered by attempting to boot a PaX kernel on Ubuntu. More explaination into the issue of executabel stacks can be found at the below URI.
I have confirmed as well that this is the root cause of bug #34129, #34130, #34131, and #34132.
The following tasks also seem to have an executable stack for the following reasons (using a script that uses pax-utils[1]):
COMMAND: gnome-terminal (5294) libgcrypt. so.11.2. 1
RWX --- --- /usr/lib/
COMMAND: gnome-session (5334) libgcrypt. so.11.2. 1
RWX --- --- /usr/lib/
COMMAND: /usr/lib/ control- center/ gnome-settings- daemon (5339) libgcrypt. so.11.2. 1
RWX --- --- /usr/lib/
COMMAND: /usr/lib/ vino/vino- server (5341) libgcrypt. so.11.2. 1
RWX --- --- /usr/lib/
COMMAND: gnome-panel (5353) libgcrypt. so.11.2. 1
RWX --- --- /usr/lib/
COMMAND: nautilus (5355) libgcrypt. so.11.2. 1
RWX --- --- /usr/lib/
COMMAND: gnome-volume- manager (5358) libgcrypt. so.11.2. 1
RWX --- --- /usr/lib/
COMMAND: update-notifier (5362) libgcrypt. so.11.2. 1
RWX --- --- /usr/lib/
COMMAND: /usr/lib/ gnome-vfs- 2.0/gnome- vfs-daemon (5367) libgcrypt. so.11.2. 1
RWX --- --- /usr/lib/
COMMAND: /usr/lib/ gnome-applets/ trashapplet (5371) libgcrypt. so.11.2. 1
RWX --- --- /usr/lib/
COMMAND: /usr/lib/ gnome-applets/ multiload- applet- 2 (5401) libgcrypt. so.11.2. 1
RWX --- --- /usr/lib/
COMMAND: /usr/lib/ gnome-applets/ mixer_applet2 (5403) libgcrypt. so.11.2. 1
RWX --- --- /usr/lib/
COMMAND: /usr/lib/ gnome-applets/ gtik2_applet2 (5405) libgcrypt. so.11.2. 1
RWX --- --- /usr/lib/
COMMAND: gnome-cups-icon (5412) libgcrypt. so.11.2. 1
RWX --- --- /usr/lib/
COMMAND: /usr/lib/ gnome-panel/ clock-applet (5417) libgcrypt. so.11.2. 1
RWX --- --- /usr/lib/
COMMAND: xchat-gnome (5426) libgcrypt. so.11.2. 1
RWX --- --- /usr/lib/
COMMAND: /usr/lib/ firefox/ firefox- bin (5549) .mozilla/ plugins/ libflashplayer. so libgcrypt. so.11.2. 1
TEXTREL /home/bluefox/
RWX --- --- /usr/lib/
COMMAND: rhythmbox (14659) gstreamer- 0.10/libgstffmp eg.so libFLAC. so.7.0. 0 libgcrypt. so.11.2. 1
TEXTREL /usr/lib/
RWX --- --- /usr/lib/
RWX --- --- /usr/lib/
Fixing libgcrypt fixes a lot. :)
[1] http:// www.gentoo. org/proj/ en/hardened/ pax-utils. xml