Lintian and Executable Stacks

Debian has a program called Lintian that is used to search for common bugs in Debian packages. When it encounters a package with a shared object that requests an executable stack (as described in my previous post about executable stacks and shared objects [1]) it gives a warning such as the following:
W: liblzo1: shlib-with-executable-stack usr/lib/liblzo.so.1.0.0

Lintian is run automatically on Debian servers and has a web site at http://lintian.debian.org/. You can search the site for all packages which have such executable stacks [2].

Of all the packages listed I have only two installed on my system, liblzo1 and libsmpeg0, both of which I had already discovered and built new versions with the correct stack settings (I’ll publish an APT repository shortly). For the rest I am not sure whether they are really bugs. The ones that concern me are xserver-xorg-video-nsc (we don’t want a stack smashing attack on something as important as an X server) and the C libraries libuclibc0 and dietlibc which may cause many programs to run with an executable stack.

The above URL shows that libffcall1 [4] has this problem (as Eddy discovered [5]). Eddy filed Debian bug report 445895 [6] about this problem (I have just updated the bug report with a patch to make it work on i386).

Linda (an alternative to Lintian) does not currently warn about this. I have filed Debian bug report 445826 about this [3].

Executable Stack and Shared Objects When running SE Linux you will notice that most applications...
execmod Ulrich Drepper has written a good web page about text...
Xen and serial ports Currently there is a serious problem with Xen. Fedora Core...
installing Debian Etch A few days ago I installed Debian/Etch on my Thinkpad....
planet debian I am aware of the problems in displaying my blog...

This entry was posted in Security and tagged Selinux. Bookmark the permalink.

One Response to Lintian and Executable Stacks

Pingback: Execmem and SE Linux | etbe