Bug#1096038: postgresql-pllua: FTBFS/autopkgtest failure with glibc 2.41 due to use of executable stack
Source: postgresql-pllua
Version: 1:2.0.12-3
Severity: import
Tags: ftbfs patch upstream
X-Debbugs-Cc: debian-glibc@lists.debian.org
User: debian-glibc@lists.debian.org
Usertags: glibc2.41 dlopen-executable-stack
Dear maintainer,
Starting with glibc 2.41, the dlopen and dlmopen functions no longer make
the stack executable if a shared library requires it and instead just
fail. This change aims to improve security, as the previous behaviour
was used as a vector for RCE (CVE-2023-38408).
Unfortunately the postgresql-17-pllua package provides an extension for
postgresql-17 which requires an executable stack. With this change, it
can't be loaded anymore, causing the testsuite to fail during build or
autopkgtest:
| make: *** [/usr/lib/postgresql/17/lib/pgxs/src/makefiles/pgxs.mk:436: installcheck] Error 1
| 2025-02-13 07:40:07.976 UTC [4366] LOG: starting PostgreSQL 17.2 (Debian 17.2-1+b2) on x86_64-pc-linux-gnu, compiled by gcc (Debian 14.2.0-14) 14.2.0, 64-bit
| 2025-02-13 07:40:07.977 UTC [4366] LOG: listening on IPv6 address "::1", port 5433
| 2025-02-13 07:40:07.977 UTC [4366] LOG: listening on IPv4 address "127.0.0.1", port 5433
| 2025-02-13 07:40:07.977 UTC [4366] LOG: listening on Unix socket "/tmp/.s.PGSQL.5433"
| 2025-02-13 07:40:07.981 UTC [4369] LOG: database system was shut down at 2025-02-13 07:40:07 UTC
| 2025-02-13 07:40:07.986 UTC [4366] LOG: database system is ready to accept connections
| 2025-02-13 07:40:10.324 UTC [4407] debci@contrib_regression ERROR: could not load library "/usr/lib/postgresql/17/lib/pllua.so": /usr/lib/postgresql/17/lib/pllua.so: cannot enable executable stack as shared object requires: Invalid argument
| 2025-02-13 07:40:10.324 UTC [4407] debci@contrib_regression STATEMENT: create extension pllua;
| 2025-02-13 07:40:10.325 UTC [4407] debci@contrib_regression ERROR: required extension "pllua" is not installed
| 2025-02-13 07:40:10.325 UTC [4407] debci@contrib_regression HINT: Use CREATE EXTENSION ... CASCADE to install required extensions too.
| 2025-02-13 07:40:10.325 UTC [4407] debci@contrib_regression STATEMENT: create extension hstore_pllua;
| 2025-02-13 07:40:10.352 UTC [4413] debci@contrib_regression ERROR: language "pllua" does not exist
| 2025-02-13 07:40:10.352 UTC [4413] debci@contrib_regression HINT: Use CREATE EXTENSION to load the language into the database.
| 2025-02-13 07:40:10.352 UTC [4413] debci@contrib_regression STATEMENT: do language pllua $$
For a full log, see:
https://ci.debian.net/data/autopkgtest/unstable/amd64/p/postgresql-pllua/57637374/log.gz
While the toolchain defaults to non-executable stack, postgresql-pllua
uses a custom ld command to embed lua code into the binary, which marks
the resulting binary as requiring stack. This can be fixed with the
following patch:
--- postgresql-pllua-2.0.12.orig/Makefile
+++ postgresql-pllua-2.0.12/Makefile
@@ -42,7 +42,7 @@ OBJCOPY ?= objcopy
# GNU LD and compatible linkers (including recent clang lld) should be
# fine with -r -b binary, but this does break on some ports.
-BIN_LD ?= $(LD) -r -b binary
+BIN_LD ?= $(LD) -r -b binary -znoexecstack
# If BIN_ARCH and BIN_FMT are defined, we assume LD_BINARY is broken
# and do this instead. This is apparently needed for linux-mips64el,
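Review bot: the flag is added only to the default value of BIN_LD (the ?= assignment), so a build that sets BIN_LD itself, or that takes the BIN_ARCH/BIN_FMT path described in the trailing comment, still produces the embedded object without it. Consider also passing the noexecstack option at the final link of pllua.so so every path is covered, and extend the comment above BIN_LD to say why -znoexecstack is there (glibc 2.41 refuses to dlopen objects that require an executable stack).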
Regards
Aurelien
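
A build or CI check for the condition in this report, as an added example that is not part of the original message or of the postgresql-pllua sources: it reads the PT_GNU_STACK program header of a linked shared object and reports whether it requests an executable stack, which is what dlopen in glibc 2.41 rejects. The function names and the sample ELF image are constructed for illustration.

```python
import struct
import sys

PT_GNU_STACK = 0x6474E551  # program header type carrying the stack permissions
PF_X = 0x1                 # "executable" bit in p_flags

def gnu_stack_status(data: bytes) -> str:
    """Return 'execstack', 'noexecstack' or 'no-gnu-stack' for an ELF image."""
    if len(data) < 52 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = {1: False, 2: True}.get(data[4])      # EI_CLASS
    endian = {1: "<", 2: ">"}.get(data[5])       # EI_DATA
    if is64 is None or endian is None:
        raise ValueError("unknown ELF class or byte order")
    ehdr_fmt = endian + ("HHIQQQIHHHHHH" if is64 else "HHIIIIIHHHHHH")
    if len(data) < 16 + struct.calcsize(ehdr_fmt):
        raise ValueError("truncated ELF header")
    fields = struct.unpack_from(ehdr_fmt, data, 16)
    phoff, phentsize, phnum = fields[4], fields[8], fields[9]
    phdr_fmt = endian + ("IIQQQQQQ" if is64 else "IIIIIIII")
    flags_idx = 1 if is64 else 6                 # p_flags moves between ELF32 and ELF64
    for i in range(phnum):
        off = phoff + i * phentsize
        if off + struct.calcsize(phdr_fmt) > len(data):
            raise ValueError("truncated program header table")
        ph = struct.unpack_from(phdr_fmt, data, off)
        if ph[0] == PT_GNU_STACK:
            return "execstack" if ph[flags_idx] & PF_X else "noexecstack"
    return "no-gnu-stack"  # loader falls back to the architecture default

def sample_elf64(stack_flags, p_type=PT_GNU_STACK):
    """Constructed minimal little-endian ELF64 image with a single program header."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    ehdr = struct.pack("<HHIQQQIHHHHHH", 3, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", p_type, stack_flags, 0, 0, 0, 0, 0, 16)
    return ident + ehdr + phdr

if __name__ == "__main__":
    # Usage: pass the paths of built shared objects to check them.
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, gnu_stack_status(fh.read()))
```

Run against the built pllua.so, a result of execstack means the library would fail to load under glibc 2.41 as shown in the log above.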