Red Hat Bugzilla – Bug 161188
Sometimes data/bss can be executable
Last modified: 2007-11-30 17:07:07 EST
The execshield code in RHEL3 is pretty similar so this probably applies to RHEL3
as well; if so this is a serious issue (see #161136)
+++ This bug was initially created as a clone of Bug #161136 +++
Whilst playing with an X application I found that around 20% of the time
libraries would get loaded between bss and brk, therefore making the
application's bss and data executable. Ingo discovered it was due to an
"this patch fixes the fallback randomizer to randomize between
16MB...start_brk, instead of 16MB...brk. ->brk is problematic because
due to brk randomization it creates a hole between BSS and brk, where
DSOs might be loaded randomly."
"I have tested the patch against the exec-shield
patch(es) in Fedora, so it would be safe to apply. PIEs work fine and the
randomization now works correctly."
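An added example, not part of the bug report or the exec-shield patch: a Python check over `/proc/<pid>/maps` text that reports when a program's data/bss lies below a higher executable mapping, which is the layout described above. It assumes the executable range is bounded by the end of the highest executable mapping (the segment-limit approach exec-shield uses on CPUs without NX); the program path `/usr/bin/xapp` and the sample maps are constructed.

```python
from typing import NamedTuple

class Mapping(NamedTuple):
    start: int
    end: int
    perms: str
    path: str

def parse_maps(text):
    """Parse /proc/<pid>/maps text into Mapping records sorted by address."""
    out = []
    for line in text.splitlines():
        fields = line.split(None, 5)
        if len(fields) < 5:
            continue  # blank or malformed line
        start, end = (int(x, 16) for x in fields[0].split("-"))
        path = fields[5].strip() if len(fields) == 6 else ""
        out.append(Mapping(start, end, fields[1], path))
    return sorted(out)

def exposed_data(text, exe_path):
    """Return (exec_limit, program data/bss mappings that start below it)."""
    maps = parse_maps(text)
    # Assumed model: the end of the highest executable mapping bounds the
    # executable range, so any memory below that address can be executed.
    exec_limit = max((m.end for m in maps if "x" in m.perms), default=0)
    exposed, prev_end = [], None
    for m in maps:
        # Anonymous memory directly after the program's data is its bss.
        if m.path == exe_path or (m.path == "" and m.start == prev_end):
            prev_end = m.end
            if "w" in m.perms and "x" not in m.perms and m.start < exec_limit:
                exposed.append(m)
    return exec_limit, exposed

# Constructed sample maps (hypothetical program /usr/bin/xapp), not real output.
GOOD_MAPS = """\
08048000-08060000 r-xp 00000000 03:01 2001 /usr/bin/xapp
08060000-08062000 rw-p 00018000 03:01 2001 /usr/bin/xapp
08062000-08070000 rw-p 00000000 00:00 0
09a00000-09a21000 rw-p 00000000 00:00 0
"""
# Same process image with a DSO placed in the hole between bss and brk.
BAD_MAPS = GOOD_MAPS + """\
08900000-08950000 r-xp 00000000 03:01 1003 /usr/X11R6/lib/libXt.so.6
08950000-08954000 rw-p 00050000 03:01 1003 /usr/X11R6/lib/libXt.so.6
"""
if __name__ == "__main__":
    for text in (GOOD_MAPS, BAD_MAPS):
        print(exposed_data(text, "/usr/bin/xapp"))
```

The per-mapping permissions still read `rw-p` in the affected case, so the check compares addresses rather than trusting the permission column.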
A fix for this problem has just been committed to the RHEL3 U7
patch pool this evening (in kernel version 2.4.21-37.4.EL).
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.