[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1096038: postgresql-pllua: FTBFS/autopkgtest failure with glibc 2.41 due to use of executable stack



Source: postgresql-pllua
Version: 1:2.0.12-3
Severity: import
Tags: ftbfs patch upstream
X-Debbugs-Cc: debian-glibc@lists.debian.org
User: debian-glibc@lists.debian.org
Usertags: glibc2.41 dlopen-executable-stack

Dear maintainer,

Starting with glibc 2.41, the dlopen and dlmopen functions no longer make
the stack executable if a shared library requires it and instead just
fail. This change aims to improve security, as the previous behaviour
was used as a vector for RCE (CVE-2023-38408).

Unfortunately the postgresql-17-pllua package provides an extension for
postgresql-17 which requires an executable stack. With this change, it
can't be loaded anymore, causing the testsuite to fail during build or
autopkgtest:

| make: *** [/usr/lib/postgresql/17/lib/pgxs/src/makefiles/pgxs.mk:436: installcheck] Error 1
| 2025-02-13 07:40:07.976 UTC [4366] LOG:  starting PostgreSQL 17.2 (Debian 17.2-1+b2) on x86_64-pc-linux-gnu, compiled by gcc (Debian 14.2.0-14) 14.2.0, 64-bit
| 2025-02-13 07:40:07.977 UTC [4366] LOG:  listening on IPv6 address "::1", port 5433
| 2025-02-13 07:40:07.977 UTC [4366] LOG:  listening on IPv4 address "127.0.0.1", port 5433
| 2025-02-13 07:40:07.977 UTC [4366] LOG:  listening on Unix socket "/tmp/.s.PGSQL.5433"
| 2025-02-13 07:40:07.981 UTC [4369] LOG:  database system was shut down at 2025-02-13 07:40:07 UTC
| 2025-02-13 07:40:07.986 UTC [4366] LOG:  database system is ready to accept connections
| 2025-02-13 07:40:10.324 UTC [4407] debci@contrib_regression ERROR:  could not load library "/usr/lib/postgresql/17/lib/pllua.so": /usr/lib/postgresql/17/lib/pllua.so: cannot enable executable stack as shared object requires: Invalid argument
| 2025-02-13 07:40:10.324 UTC [4407] debci@contrib_regression STATEMENT:  create extension pllua;
| 2025-02-13 07:40:10.325 UTC [4407] debci@contrib_regression ERROR:  required extension "pllua" is not installed
| 2025-02-13 07:40:10.325 UTC [4407] debci@contrib_regression HINT:  Use CREATE EXTENSION ... CASCADE to install required extensions too.
| 2025-02-13 07:40:10.325 UTC [4407] debci@contrib_regression STATEMENT:  create extension hstore_pllua;
| 2025-02-13 07:40:10.352 UTC [4413] debci@contrib_regression ERROR:  language "pllua" does not exist
| 2025-02-13 07:40:10.352 UTC [4413] debci@contrib_regression HINT:  Use CREATE EXTENSION to load the language into the database.
| 2025-02-13 07:40:10.352 UTC [4413] debci@contrib_regression STATEMENT:  do language pllua $$

For a full log, see:
https://ci.debian.net/data/autopkgtest/unstable/amd64/p/postgresql-pllua/57637374/log.gz

While the toolchain default to non-executable stack, postgresql-pllua
uses a custom ld command to embed lua code into the binary, which marks
the resulting binary as requiring stack. This can be fixed with the
following patch:

--- postgresql-pllua-2.0.12.orig/Makefile
+++ postgresql-pllua-2.0.12/Makefile
@@ -42,7 +42,7 @@ OBJCOPY ?= objcopy
 # GNU LD and compatible linkers (including recent clang lld) should be
 # fine with -r -b binary, but this does break on some ports.
 
-BIN_LD ?= $(LD) -r -b binary
+BIN_LD ?= $(LD) -r -b binary -znoexecstack
 
 # If BIN_ARCH and BIN_FMT are defined, we assume LD_BINARY is broken
 # and do this instead. This is apparently needed for linux-mips64el,

Regards
Aurelien


Reply to: