current-users: Re: kern/30008 & NetBSD 3.0_BETA: "cannot enable executable stack"

Subject: Re: kern/30008 & NetBSD 3.0_BETA: "cannot enable executable stack"
To: Christos Zoulas <christos@astron.com>
From: Chuck Silvers <chuq@chuq.com>
List: current-users
Date: 10/25/2005 22:14:17

making linux process stacks always executable is not the right answer.
linux appears to pay attention to the permission flags for the STACK ELF
section and mprotect() the stack to make it executable if the ELF header
for any shared library indicate that it's necessary.  this mprotect() is
failing with EACCES.  this probably means that we're setting the maxprot
too restrictively somewhere, but I don't see where yet.

but this error occurs even while installing the emulators/suse* stuff
from pkgsrc, so it should be easy to track it down.  I'll keep looking.

-Chuck


On Wed, Oct 26, 2005 at 03:01:43AM +0000, Christos Zoulas wrote:
> In article <20051026023350.GA2853@slab.colubris.lan>,
> Brian de Alwis  <bsd@cs.ubc.ca> wrote:
> >I upgraded my machine to the NetBSD 3.0_BETA from the NetBSD-daily
> >build of 20051020.  Everything's worked fine, except now many of
> >my linux programs are barfing with errors like:
> >
> >    ShadowDesktopRun: error while loading shared libraries: libGL.so.1:
> >cannot enable executable stack as shared object requires: Permission
> >denied
> >
> >I get this with a number of programs, include the Sun JDK,
> >mozilla-linux, and others.  Unfortunately I need the JDK for my
> >work!
> >
> >Hunting around for the last while, I stumbled across kern/30008
> >and some other messages, but I've found not solutions.
> >
> >On the Linux side, I found references to a command execstack(8),
> >part of a prelink package.  I've hunted this down to
> ><ftp://people.redhat.com/jakub/prelink/>; unfortunately none of
> >the Linux boxes I have access to come with this program, and it's
> >not willingly compiling on the SuSE boxes here.s
> >
> >As I try to figure out how to get it to compile, I thought I'd post
> >this to see if anybody else had come up with a better solution.
> >Help?
> >
> 
> Index: linux_exec_machdep.c
> ===================================================================
> RCS file: /cvsroot/src/sys/compat/linux/arch/i386/linux_exec_machdep.c,v
> retrieving revision 1.2
> diff -u -u -r1.2 linux_exec_machdep.c
> --- linux_exec_machdep.c	26 Feb 2005 23:10:19 -0000	1.2
> +++ linux_exec_machdep.c	26 Oct 2005 03:00:47 -0000
> @@ -123,7 +123,8 @@
>  	}
>  	KASSERT(access_size > 0);
>  	NEW_VMCMD(&epp->ep_vmcmds, vmcmd_map_zero, access_size,
> -	    access_linear_min, NULLVP, 0, VM_PROT_READ | VM_PROT_WRITE);
> +	    access_linear_min, NULLVP, 0, VM_PROT_READ | VM_PROT_WRITE |
> +	    VM_PROT_EXECUTE);
>  
>  	return 0;
>  }