gnupg executable stack fix

Bug #49323 reported by John Moser on 2006-06-11
4
Affects Status Importance Assigned to Milestone
gnupg (Debian)
Fix Released
Unknown
gnupg (Ubuntu)
Low
Unassigned

Bug Description

Binary package hint: gnupg

Same bug as bug #49192, same solution, run the below script in the root of the source tree:

e="/* Add these three lines to get us a PT_GNU_STACK header */
#ifdef __ELF__
.section .note.GNU-stack,\"\",%progbits
#endif"
for i in `find . -name \*.S`; do echo "$e" >> "$i"; done

Bug upstream once you fix it, use Ubuntu as an example of "yes this really works," reference to nice hardened gentoo documentation[1], yes I actually did a quick check for stack execution (grep for esp and look for jmp or branches into esp+somebytes), etc etc. You get the idea by now.

[1] http://www.gentoo.org/proj/en/hardened/gnu-stack.xml

Related branches

Micah Cowan (micahcowan) wrote :

Confirmed, at least for 1.4.2.2-1ubuntu2.2.

$ execstack -q /usr/bin/gpg
X /usr/bin/gpg

Changed in gnupg:
status: Unconfirmed → Confirmed
Kees Cook (kees) on 2007-10-31
Changed in gnupg:
importance: Undecided → Low

Recent gnupg:

execstack -q /usr/bin/gpg
- /usr/bin/gpg

Also --enable-noexecstack can be given via configure switch.

Changed in gnupg (Debian):
status: Unknown → New
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gnupg - 1.4.9-4ubuntu2

---------------
gnupg (1.4.9-4ubuntu2) karmic; urgency=low

  * debian/rules: add --enable-noexecstack to configure to avoid needless
    executable stacks on i386 (LP: #49323, debian bug 527630).
  * debian/rules: fix "nocheck" logic to run tests (debian bug 521884).

 -- Kees Cook <email address hidden> Fri, 08 May 2009 09:12:18 -0700

Changed in gnupg (Ubuntu):
status: Confirmed → Fix Released
Changed in gnupg (Debian):
status: New → Fix Committed
Changed in gnupg (Debian):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.