Bug 107002 - Exec-stackable glibc does not depend on Exec-stackable kernel
Summary: Exec-stackable glibc does not depend on Exec-stackable kernel
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Raw Hide
Classification: Retired
Component: glibc
Version: 1.0
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Jakub Jelinek
QA Contact: Brian Brock
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2003-10-14 10:58 UTC by Nicolas Mailhot
Modified: 2016-11-24 15:16 UTC (History)
1 user (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2003-10-16 14:42:23 UTC
Embargoed:


Attachments (Terms of Use)

Description Nicolas Mailhot 2003-10-14 10:58:20 UTC
Today a glibc that depends on an exec-stackable kernel leaked in Rawhide.

The problem is this package does not depend on a kernel package that is
exec-stack enabled.

As a result a package manager will update the system and glibc without updating
the kernel (most package managers do not update kernels automatically by default
since this is deemed a dangerous operation).

After the operation most apps wont execute anymore since they need the kernel
facilities and the kernel was not updated. This includes rpm (in beecrypt). You
can not even download the latest rawhide kernel and install with rpm to fix the
mess.

Game over.

Comment 1 Jakub Jelinek 2003-10-16 14:42:23 UTC
But it does not depend on kernel with exec-shield.
It depends on either kernel without exec-shield, or with non-buggy exec-shield
support. Furthermore, dependencies on running kernel (as opposed to installed)
are not expressible in rpm.
To my knowledge, the buggy kernels (with non-executable stack, but without MAYEXEC
flag on it, such that it cannot be made executable) have never been released
in any final distro by us; beta testing includes such risks.
You should be able to workaround this by disabling exec-shield
(echo 0 > /proc/sys/kernel/exec-shield), upgrading kernel and rebooting.

Comment 2 Nicolas Mailhot 2003-10-16 15:11:09 UTC
Ok, fair enough.


Note You need to log in before you can comment on or make changes to this bug.