Bug#1065541: libxshmfence1: Please rebuild to avoid overly huge ELF segment alignment
Package: libxshmfence1
Version: 1.3-1
Severity: normal
X-Debbugs-Cc: minipli@grsecurity.net
Dear Maintainer,
After investigating ELF binaries and libraries on Debian systems, I
noticed that libxshmfence1 uses an overly huge alignment for its segments.
This will lead to an unnecessary ASLR degradation for (transitive) users
of this library like xserver-xorg-core, cinnamon or gnome-software.
Below is the relevant output:
minipli@bell:~/src/paxtest (master)$ ./contrib/check_align.sh /usr/lib/x86_64-linux-gnu/libxshmfence.so.1.0.0
/usr/lib/x86_64-linux-gnu/libxshmfence.so.1.0.0 (max align=0x200000)
minipli@bell:~/src/paxtest (master)$ readelf -Wl /usr/lib/x86_64-linux-gnu/libxshmfence.so.1.0.0 | grep -B2 LOAD
Program Headers:
  Type           Offset   VirtAddr           PhysAddr           FileSiz  MemSiz   Flg Align
  LOAD           0x000000 0x0000000000000000 0x0000000000000000 0x000df8 0x000df8 R E 0x200000
  LOAD           0x000e00 0x0000000000200e00 0x0000000000200e00 0x000270 0x000278 RW  0x200000
The cause for the excessive segment alignment of 2MB instead of the
usual 4kB is binutils' ld which did, from versions v2.11 up to v2.30 (in
Debian, at least), use a huge default, even if no segment required such
a huge alignment. That was fixed in Debian with the release of buster,
which makes use of binutils v2.31+.
The full technical background behind overly huge alignment was reported
here: https://grsecurity.net/toolchain_necromancy_past_mistakes_haunting_aslr
Rebuilding the package will implicitly make use of a recent version of
ld and thereby fix the issue, which is what I'm hereby requesting.
Thanks,
Mathias
-- System Information:
Debian Release: 12.5
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable-debug'), (500, 'proposed-updates-debug'), (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.1.0-18-amd64 (SMP w/20 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages libxshmfence1 depends on:
ii libc6 2.36-9+deb12u4
libxshmfence1 recommends no packages.
libxshmfence1 suggests no packages.
-- no debconf information
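
Added example (not part of the original report, and not the paxtest check_align.sh script): a Python check that reads the PT_LOAD program headers of an ELF64 little-endian file and reports the largest p_align, the same field readelf -Wl prints in the Align column above. The sample image is constructed from the two LOAD lines in the report; the function names and the 4 kB page size used for the comparison are assumptions.

```python
import struct

PT_LOAD = 1
PAGE_SIZE = 0x1000  # assumption: 4 kB pages, the "usual" alignment named in the report

def load_alignments(elf: bytes) -> list[int]:
    """Return p_align of every PT_LOAD program header in an ELF64 LE image."""
    if elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if elf[4] != 2 or elf[5] != 1:  # EI_CLASS=ELFCLASS64, EI_DATA=ELFDATA2LSB
        raise ValueError("only ELF64 little-endian is handled here")
    e_phoff, = struct.unpack_from("<Q", elf, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 0x36)
    aligns = []
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        p_type, = struct.unpack_from("<I", elf, off)
        p_align, = struct.unpack_from("<Q", elf, off + 48)  # last field of Elf64_Phdr
        if p_type == PT_LOAD:
            aligns.append(p_align)
    return aligns

def check(elf: bytes) -> tuple[int, int]:
    """Return (max PT_LOAD alignment, alignment bits beyond a 4 kB page)."""
    max_align = max(load_alignments(elf), default=0)
    # Each bit above page alignment is a low base-address bit forced to zero
    # whenever the loader honours p_align.
    excess_bits = max(0, max_align.bit_length() - PAGE_SIZE.bit_length())
    return max_align, excess_bits

def sample_elf(align: int) -> bytes:
    """Constructed sample: ELF64 header plus the two LOAD headers from the report."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH",
                               3, 62, 1, 0, 64, 0, 0, 64, 56, 2, 0, 0, 0)
    def phdr(flags, off, vaddr, filesz, memsz):
        return struct.pack("<IIQQQQQQ", PT_LOAD, flags, off, vaddr, vaddr,
                           filesz, memsz, align)
    return ehdr + phdr(5, 0, 0, 0xdf8, 0xdf8) + phdr(6, 0xe00, 0x200e00, 0x270, 0x278)

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample_elf(0x200000)
    max_align, bits = check(data)
    print(f"max align={max_align:#x}, {bits} bit(s) above 4 kB page alignment")
```

Run with a library path as the only argument to check a real file; without arguments it checks the constructed sample.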