yann@1201
|
1 |
Original patch from: gentoo/src/patchsets/glibc/2.9/3000_all_2.3.6-dl_execstack-PaX-support.patch
|
yann@1201
|
2 |
|
yann@1201
|
3 |
-= BEGIN original header =-
|
yann@1201
|
4 |
With latest versions of glibc, a lot of apps failed on a PaX enabled
|
yann@1201
|
5 |
system with:
|
yann@1201
|
6 |
cannot enable executable stack as shared object requires: Permission denied
|
yann@1201
|
7 |
|
yann@1201
|
8 |
This is due to PaX 'exec-protecting' the stack, and ld.so then trying
|
yann@1201
|
9 |
to make the stack executable due to some libraries not containing the
|
yann@1201
|
10 |
PT_GNU_STACK section. Bug #32960. <azarah@gentoo.org> (12 Nov 2003).
|
yann@1201
|
11 |
|
yann@1201
|
12 |
Patch also NPTL. Bug #116086. <kevquinn@gentoo.org> (20 Dec 2005).
|
yann@1201
|
13 |
|
yann@1201
|
14 |
-= END original header =-
|
yann@1201
|
15 |
|
yann@1201
|
16 |
diff -durN glibc-2_9.orig/nptl/allocatestack.c glibc-2_9/nptl/allocatestack.c
|
yann@1201
|
17 |
--- glibc-2_9.orig/nptl/allocatestack.c 2008-08-16 00:35:27.000000000 +0200
|
yann@1201
|
18 |
+++ glibc-2_9/nptl/allocatestack.c 2009-02-02 22:01:20.000000000 +0100
|
yann@1201
|
19 |
@@ -299,7 +299,8 @@
|
yann@1201
|
20 |
# error "Define either _STACK_GROWS_DOWN or _STACK_GROWS_UP"
|
yann@1201
|
21 |
#endif
|
yann@1201
|
22 |
if (mprotect (stack, len, PROT_READ | PROT_WRITE | PROT_EXEC) != 0)
|
yann@1201
|
23 |
- return errno;
|
yann@1201
|
24 |
+ if (errno != EACCES) /* PAX is enabled */
|
yann@1201
|
25 |
+ return errno;
|
yann@1201
|
26 |
|
yann@1201
|
27 |
return 0;
|
yann@1201
|
28 |
}
|
yann@1201
|
29 |
diff -durN glibc-2_9.orig/sysdeps/unix/sysv/linux/dl-execstack.c glibc-2_9/sysdeps/unix/sysv/linux/dl-execstack.c
|
yann@1201
|
30 |
--- glibc-2_9.orig/sysdeps/unix/sysv/linux/dl-execstack.c 2006-01-08 09:21:15.000000000 +0100
|
yann@1201
|
31 |
+++ glibc-2_9/sysdeps/unix/sysv/linux/dl-execstack.c 2009-02-02 22:01:20.000000000 +0100
|
yann@1201
|
32 |
@@ -63,7 +63,10 @@
|
yann@1201
|
33 |
else
|
yann@1201
|
34 |
# endif
|
yann@1201
|
35 |
{
|
yann@1201
|
36 |
- result = errno;
|
yann@1201
|
37 |
+ if (errno == EACCES) /* PAX is enabled */
|
yann@1201
|
38 |
+ result = 0;
|
yann@1201
|
39 |
+ else
|
yann@1201
|
40 |
+ result = errno;
|
yann@1201
|
41 |
goto out;
|
yann@1201
|
42 |
}
|
yann@1201
|
43 |
}
|
yann@1201
|
44 |
@@ -89,7 +92,12 @@
|
yann@1201
|
45 |
page -= size;
|
yann@1201
|
46 |
else
|
yann@1201
|
47 |
{
|
yann@1201
|
48 |
- if (errno != ENOMEM) /* Unexpected failure mode. */
|
yann@1201
|
49 |
+ if (errno == EACCES) /* PAX is enabled */
|
yann@1201
|
50 |
+ {
|
yann@1201
|
51 |
+ result = 0;
|
yann@1201
|
52 |
+ goto out;
|
yann@1201
|
53 |
+ }
|
yann@1201
|
54 |
+ else if (errno != ENOMEM) /* Unexpected failure mode. */
|
yann@1201
|
55 |
{
|
yann@1201
|
56 |
result = errno;
|
yann@1201
|
57 |
goto out;
|
yann@1201
|
58 |
@@ -115,7 +123,12 @@
|
yann@1201
|
59 |
page += size;
|
yann@1201
|
60 |
else
|
yann@1201
|
61 |
{
|
yann@1201
|
62 |
- if (errno != ENOMEM) /* Unexpected failure mode. */
|
yann@1201
|
63 |
+ if (errno == EACCES) /* PAX is enabled */
|
yann@1201
|
64 |
+ {
|
yann@1201
|
65 |
+ result = 0;
|
yann@1201
|
66 |
+ goto out;
|
yann@1201
|
67 |
+ }
|
yann@1201
|
68 |
+ else if (errno != ENOMEM) /* Unexpected failure mode. */
|
yann@1201
|
69 |
{
|
yann@1201
|
70 |
result = errno;
|
yann@1201
|
71 |
goto out;
|