Red Hat Bugzilla – Bug 127686
RHEL3 U3 kernel has execstack support, but no PROT_GROWSDOWN
Last modified: 2007-11-30 17:07:02 EST
Without PROT_GROWSDOWN, especially on RHEL3 Ux where there are still
many shared libraries either without PT_GNU_STACK or with RWE PT_GNU_STACK,
the dynamic linker needs to mprotect stack the slow way, e.g.
with main binary PT_GNU_STACK PF_R|PF_W, but some shared library
it depends on or dlopens doesn't have PT_GNU_STACK or has PF_X bit
set in its p_flags, ld.so ends up doing:
mprotect(0xbfffb000, 4096, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_GROWSDOWN) = -1 EINVAL (Invalid argument)
mprotect(0xbfff4000, 32768, PROT_READ|PROT_WRITE|PROT_EXEC) = -1 ENOMEM (Cannot allocate memory)
mprotect(0xbfff8000, 16384, PROT_READ|PROT_WRITE|PROT_EXEC) = -1 ENOMEM (Cannot allocate memory)
mprotect(0xbfffa000, 8192, PROT_READ|PROT_WRITE|PROT_EXEC) = -1 ENOMEM (Cannot allocate memory)
mprotect(0xbfffb000, 4096, PROT_READ|PROT_WRITE|PROT_EXEC) = 0
mprotect(0xbfffa000, 4096, PROT_READ|PROT_WRITE|PROT_EXEC) = -1 ENOMEM (Cannot allocate memory)
Patch for this is available in bug #127341.
(or if we have time, just move the PROT_GROWSDOWN definitions to
where they belong instead of the hack I put together in the hope
it could make RHEL3 U3 beta).
This seems like a reasonable feature request for U4. It's
basically a back-port from 2.6. I think the mprotect(2)
man page should also be updated.
Yep, agreed for U4, i'd suggest to apply the patch in #127341.
patch submitted for taroon.
The patch in comment #28 bug #127341 was committed to the RHEL3 U4
patch pool yesterday evening (in kernel version 2.4.21-20.1.EL).
An errata has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.