Package: libcln3c2 Version: 1.1.9-2 Severity: normal Hello!
After upgrading my system, I've noticed that CLN shared library is marked as having executable stack: $ execstack /usr/lib/libcln.so.3.0.3 X /usr/lib/libcln.so.3.0.3 Marking the stack as non-executable $ sudo execstack -c /usr/lib/libcln.so.3.0.3 did not break any binary linked with CLN (in particular, ginsh works just fine), so I don't think that CLN needs an executable stack. The reason why stack is marked as executable is that CLN has some assembly sources, which has no appropriate marker, see https://www.redhat.com/archives/fedora-devel-list/2005-March/msg00460.html for more details. Here is a trivial patch which adds necessary marker (sorry, x86 only): diff -Nru cln-1.1.9-orig/src/base/digitseq/cl_asm_i386_.cc cln-1.1.9/src/base/digitseq/cl_asm_i386_.cc --- cln-1.1.9-orig/src/base/digitseq/cl_asm_i386_.cc 2000-01-28 14:37:28.000000000 +0300 +++ cln-1.1.9/src/base/digitseq/cl_asm_i386_.cc 2005-08-07 13:50:02.000000000 +0400 @@ -2068,3 +2068,7 @@ popl %esi // %esi zur??ck ret + // We don't need executable stack, so we have to add this: + .section .note.GNU-stack,"",@progbits This patch works for me (x86/Linux), but I can't say if it works on other platforms (e.g., with non-GNU assemblers/linkers) -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.4.31-grsec-acl-pktcd-i686-smp Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8) Versions of packages libcln3c2 depends on: ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an ii libgmp3c2 4.1.4-8 Multiprecision arithmetic library libcln3c2 recommends no packages. -- no debconf information
signature.asc
Description: Digital signature
