Today a glibc that depends on an exec-stackable kernel leaked in Rawhide.
The problem is this package does not depend on a kernel package that is
As a result a package manager will update the system and glibc without updating
the kernel (most package managers do not update kernels automatically by default
since this is deemed a dangerous operation).
After the operation most apps wont execute anymore since they need the kernel
facilities and the kernel was not updated. This includes rpm (in beecrypt). You
can not even download the latest rawhide kernel and install with rpm to fix the
But it does not depend on kernel with exec-shield.
It depends on either kernel without exec-shield, or with non-buggy exec-shield
support. Furthermore, dependencies on running kernel (as opposed to installed)
are not expressible in rpm.
To my knowledge, the buggy kernels (with non-executable stack, but without MAYEXEC
flag on it, such that it cannot be made executable) have never been released
in any final distro by us; beta testing includes such risks.
You should be able to workaround this by disabling exec-shield
(echo 0 > /proc/sys/kernel/exec-shield), upgrading kernel and rebooting.
Ok, fair enough.