This service will be undergoing maintenance at 00:00 UTC, 2016-09-28. It is expected to last about 1 hours
Bug 107002 - Exec-stackable glibc does not depend on Exec-stackable kernel
Exec-stackable glibc does not depend on Exec-stackable kernel
Status: CLOSED RAWHIDE
Product: Red Hat Raw Hide
Classification: Retired
Component: glibc (Show other bugs)
1.0
All Linux
high Severity high
: ---
: ---
Assigned To: Jakub Jelinek
Brian Brock
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2003-10-14 06:58 EDT by Nicolas Mailhot
Modified: 2005-10-31 17:00 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2003-10-16 10:42:23 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Nicolas Mailhot 2003-10-14 06:58:20 EDT
Today a glibc that depends on an exec-stackable kernel leaked in Rawhide.

The problem is this package does not depend on a kernel package that is
exec-stack enabled.

As a result a package manager will update the system and glibc without updating
the kernel (most package managers do not update kernels automatically by default
since this is deemed a dangerous operation).

After the operation most apps wont execute anymore since they need the kernel
facilities and the kernel was not updated. This includes rpm (in beecrypt). You
can not even download the latest rawhide kernel and install with rpm to fix the
mess.

Game over.
Comment 1 Jakub Jelinek 2003-10-16 10:42:23 EDT
But it does not depend on kernel with exec-shield.
It depends on either kernel without exec-shield, or with non-buggy exec-shield
support. Furthermore, dependencies on running kernel (as opposed to installed)
are not expressible in rpm.
To my knowledge, the buggy kernels (with non-executable stack, but without MAYEXEC
flag on it, such that it cannot be made executable) have never been released
in any final distro by us; beta testing includes such risks.
You should be able to workaround this by disabling exec-shield
(echo 0 > /proc/sys/kernel/exec-shield), upgrading kernel and rebooting.
Comment 2 Nicolas Mailhot 2003-10-16 11:11:09 EDT
Ok, fair enough.

Note You need to log in before you can comment on or make changes to this bug.