Re: [patch] updated exec-shield patch, 2.4/2.6 -G3

[Valdis . Kletnieks]

On Fri, 26 Sep 2003 14:28:54 +0200, Ingo Molnar <mingo@xxxxxxx>  said:

> against vanilla 2.6.0-test5:
> 
> 	redhat.com/~mingo/exec-shield/exec-shield-2.6.0-test5-G2

Ingo, you rock. ;)  I'm using a fairly current Rawhide here (within last 2
weeks or so).

Applied with 2 or 3 minor conflicts and a few fuzz/delta messages against
-test5-mm4 (I have a refactored patch if anybody is interested).  It booted
OK, seems to be working well enough that e-mail and XFree (even with the
evil binary NVidia driver) are functional.

>    = 0   exec-shield disabled
>    = 1   exec-shield on PT_GNU_STACK executables [ie. binaries compiled 
>                                                   with newest gcc]
>    = 2   (default) exec-shield on all executables
> 
> value 1 is recommended with glibc and gcc versions that support
> PT_GNU_STACK all across the spectrum. (Fedora Core test2 [released
> yesterday] includes all of this and all applications were recompiled to
> have valid PT_GNU_STACK settings.) On other systems the value of '2' is
> recommended, use setarch for those binaries that cannot take exec-shield
> [eg. Loki games].

I'm assuming it's this GCC change in Rawhide:

* Wed Jun 04 2003 Jakub Jelinek  <jakub@xxxxxxxxxx> 3.3-4

- mark object files with .note.GNU-stack notes whether they
  need or don't need executable stack

(and another at 3.3-5).  Has the current Rawhide been recompiled with this
support, or should I stick with '2' and use setarch for things that fail?

Now to go build a testcase program and try to shellcode it. ;)

Attachment: pgp00001.pgp
Description: PGP signature