Bug#445595: Let's fix this for Lenny
Russell Coker
russell at coker.com.au
Sun Aug 10 10:43:08 UTC 2008
This is a two line patch that makes no actual code changes (it just changes
the labelling of the shared object header). The result of this change is the
same as running "execstack -c" on the shared object.

This patch improves system security. Without it any program that links to
that shared object (or any shared object that depends on it) will run with an
executable stack.

For example here is the difference in output between "paxtest kiddie"
and "LD_PRELOAD=/usr/lib/libsmpeg-0.4.so.0 paxtest kiddie":

< Executable stack : Killed
---
> Executable stack : Vulnerable

While it seems unlikely that someone would use LD_PRELOAD in such a manner in
any realistic attack situation, it is a good demonstration of the result of
having the shared object in question linked to the executable.

With my patch applied the result is that the "Executable stack" test gives a
result of "Killed". NB paxtest is an i386 only package, but I believe that
the same result applies to AMD64.

It would be quite embarrassing if Lenny was vulnerable to a security problem
because of this with the patch in the BTS for almost a year.

Would you like me to NMU it?