In XFree86 4.3.0, we had to patch the Mesa DRI drivers to call mprotect and mark memory allocated for runtime code generation with PROT_EXEC. John Dennis created our patch that implemented this, and I believe it was submitted upstream, however a recent report by Arjan shows that Mesa still disables exec-shield. xorg-x11-6.8.1-23.EL.i386 ./usr/X11R6/lib/modules/dri/gamma_dri.so: stack=RWE xorg-x11-6.8.1-23.EL.i386 ./usr/X11R6/lib/modules/dri/i810_dri.so: stack=RWE xorg-x11-6.8.1-23.EL.i386 ./usr/X11R6/lib/modules/dri/i915_dri.so: stack=RWE xorg-x11-6.8.1-23.EL.i386 ./usr/X11R6/lib/modules/dri/mga_dri.so: stack=RWE xorg-x11-6.8.1-23.EL.i386 ./usr/X11R6/lib/modules/dri/r128_dri.so: stack=RWE xorg-x11-6.8.1-23.EL.i386 ./usr/X11R6/lib/modules/dri/r200_dri.so: stack=RWE xorg-x11-6.8.1-23.EL.i386 ./usr/X11R6/lib/modules/dri/radeon_dri.so: stack=RWE xorg-x11-6.8.1-23.EL.i386 ./usr/X11R6/lib/modules/dri/tdfx_dri.so: stack=RWE xorg-x11-libs-6.8.1-23.EL.i386 ./usr/X11R6/lib/libOSMesa.so.4.0: stack=RWE It appears the patch never got accepted and integrated into Mesa CVS. The old patch is still present in our current xorg rpm disabled. Here are my own thoughts on the proper approach for someone to tackle fixing this: 1) Open a discussion on the topic on Mesa-dev mailing list to find out if current Mesa CVS head or any existing stable Mesa releases have already fixed this (or look at the CVS code directly). 2) Assuming it is still not fixed in Mesa CVS, propose a solution on mesa-dev and discuss it until Brian et al. agree the solution will be acceptable into the Mesa CVS tree. 3) If someone goes ahead and does the work, great. If not, then we should implement the solution discussed and agreed upon on mesa-dev, and submit it to Mesa. 4) Once the code is checked into Mesa CVS (and no sooner IMHO), we should then backport it to the Mesa in Xorg CVS head and get it checked into Xorg CVS, and into Mesa CVS stable branch of same Mesa release. 5) Once it is in Xorg CVS head, we should backport it to 6.8.x, and get it checked into both Mesa and Xorg CVS stable branches assuming it's accepted. The final step is applying the patches to our rpms, which I would place at step 6, to ensure that this is fully handled upstream before we ship patched rpms again, so that we know we wont have to port it again and again and again forever.
*** This bug has been marked as a duplicate of 147475 ***
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.