Re: [PROPOSAL/PATCH] Remove PT_GNU_STACK support before 2.6.11

[Ingo Molnar <mingo@elte.hu>]

* Arjan van de Ven <arjan@infradead.org> wrote:

> > [...] when the program has trampolines and has PT_GNU_STACK
> > header with an E bit on the stack it still won't get an executable
> > heap by default  (this is what broke grub)
> 
> this I can fix easy, see the patch below
> 
> the problem is in the read_implies_exec() design, it passed in "does
> it have a PT_GNU_STACK flag" not the value. Easy fix.

> So I rather see the patch below merged instead; it fixes the worst
> problems (RWE not marking the heap executable) while keeping this
> useful feature enabled.
> 
> Signed-off-by: Arjan van de Ven <arjan@infradead.org>

looks good.

 Signed-off-by: Ingo Molnar <mingo@elte.hu>

(I'd like to stress that this problem only affects packages _recompiled_
with new gcc, running on NX capable CPUs - legacy apps or CPUs are in no
way affected. Also, even with a recompile, apps/kernels/distros have a
number of other options as well even without this kernel fix, of varying
granularity: to use the setarch utility, to set the READ_IMPLIES_EXEC
personality bit within the code, or to pass in the noexec=off kernel
commandline option, or to add a oneliner patch to their heap of 1500+
kernel patches, or to fix the application. Also, with Arjan's patch
applied, the execstack utility can be used to remark the binary
permanently, if needed.)

	Ingo