[Pkg-gnupg-maint] Bug#527630: built with needless executable stack
Daniel Leidert
daniel.leidert at wgdd.de
Fri May 8 16:49:53 UTC 2009
On Friday, 08.05.2009, at 08:37 -0700, Kees Cook wrote:
> gnupg is built with an executable stack, which is not needed and can lead
> to security problems if a flaw is found that allows an attacker to fill
> stack memory with executable code on ia32.
>
> Attached patch adds the configure option to enable this protection. This
> is also being tracked in Ubuntu as:
> https://bugs.edge.launchpad.net/bugs/49323
gnupg comes with a configure option (m4/noexecstack.m4) - it was me
answering there. However, I checked this issue recently and I didn't
find an executable stack (neither on Ubuntu nor Debian), although it is
not yet built with --enable-noexecstack. However, I already considered
adding this switch.
Regards, Daniel