The execshield code in RHEL3 is pretty similar so this probably applies to RHEL3 as well; if so this is a serious issue (see #161136)

+++ This bug was initially created as a clone of Bug #161136 +++

Whilst playing with an X application I found that around 20% of the time libraries would get loaded between bss and brk, therefore making the application's bss and data executable. Ingo discovered it was due to an execshield bug:

"this patch fixes the fallback randomizer to randomize between 16MB...start_brk, instead of 16MB...brk. ->brk is problematic because due to brk randomization it creates a hole between BSS and brk, where DSOs might be loaded randomly."

"i have tested the patch against the exec-shield patch(es) in Fedora, so it would be safe to apply. PIEs work fine and the randomization now works correctly."
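One way to check a process for the symptom described above, as an added example that is not part of the original report: it scans `/proc/<pid>/maps` text for an executable shared-object mapping that sits in the hole between the end of the program's bss and its heap. The sample map, the paths and the function names are constructed, and the code assumes a kernel whose maps output labels the brk area as `[heap]`.

```python
# Constructed sample in /proc/<pid>/maps format (not taken from the bug report).
# Paths are made up; the [heap] label is an assumption about the kernel's output.
SAMPLE_MAPS = """\
00a3c000-00b61000 r-xp 00000000 03:02 1201 /lib/libc-2.3.2.so
00b61000-00b65000 rw-p 00125000 03:02 1201 /lib/libc-2.3.2.so
08048000-0804c000 r-xp 00000000 03:02 4411 /usr/bin/xdemo
0804c000-0804d000 rw-p 00003000 03:02 4411 /usr/bin/xdemo
0804d000-08051000 rw-p 00000000 00:00 0
0805a000-08063000 r-xp 00000000 03:02 1377 /usr/lib/libXdemo.so.1
08063000-08064000 rw-p 00008000 03:02 1377 /usr/lib/libXdemo.so.1
0826f000-08290000 rw-p 00000000 00:00 0 [heap]
bfffe000-c0000000 rw-p 00000000 00:00 0 [stack]
"""


def parse_maps(text):
    """Return (start, end, perms, path) tuples; path is '' for anonymous memory."""
    entries = []
    for line in text.splitlines():
        fields = line.split(None, 5)
        if len(fields) < 5:
            continue  # not a maps line
        start, end = (int(x, 16) for x in fields[0].split("-"))
        path = fields[5].strip() if len(fields) == 6 else ""
        entries.append((start, end, fields[1], path))
    return entries


def dsos_between_bss_and_heap(text, exe):
    """List executable file mappings other than `exe` that lie in the hole
    between the end of the program's bss and the start of its heap."""
    maps = sorted(parse_maps(text))
    image_end = max((e for _, e, _, p in maps if p == exe), default=None)
    heap = [s for s, _, _, p in maps if p == "[heap]"]
    if image_end is None or not heap:
        return []  # cannot locate the hole without both boundaries
    # bss continues as anonymous memory directly after the image's data mapping
    for s, e, _, p in maps:
        if p == "" and s == image_end:
            image_end = e
    return [(s, e, p) for s, e, perms, p in maps
            if "x" in perms and p.startswith("/") and p != exe
            and image_end <= s and e <= heap[0]]


if __name__ == "__main__":
    for start, end, path in dsos_between_bss_and_heap(SAMPLE_MAPS, "/usr/bin/xdemo"):
        print(f"DSO in bss..brk hole: {start:08x}-{end:08x} {path}")
```

On a live system the same function can be fed the contents of `/proc/<pid>/maps` together with the target of `/proc/<pid>/exe`; an empty result means no library landed in the hole for that run.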
A fix for this problem has just been committed to the RHEL3 U7 patch pool this evening (in kernel version 2.4.21-37.4.EL).
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2006-0144.html