execstack to the rescue
28 May 2006 Since debian is being a bitch about wanting executable stack when the program doesn't need it, I've been looking for a way to modify the ELF header so it no longer requires that functionality.It seems the execstack tool could do the job. It's in the prelink package.
So far, I've had to clear (execstack -c) the flags on:
/usr/lib/libgcrypt.so.11
/usr/lib/liblzo.so.1
/usr/lib/libdivxdecore.so.0
/usr/lib/libmp3lame.so.0
/usr/lib/libxvidcore.so.4
/usr/lib/libGL.so.1
After going through my filesystem a bit, I've found a whole bunch of programs requiring executable stack.
And I fell over a tool from mysql-server called "resolveip" which barely fits on a single floppy (1.4MB). Now why the hell is that program so huge ?!
I scanned my entire disk for ELF binaries and found that all these require executable stack:
X ./usr/bin/gpg
X ./usr/bin/gpgv
X ./usr/bin/myisam_ftdump
X ./usr/bin/mysql_client_test_embedded
X ./usr/bin/mysqltest_embedded
X ./usr/bin/mysql_waitpid
X ./usr/bin/comp_err
X ./usr/bin/my_print_defaults
X ./usr/bin/myisamchk
X ./usr/bin/myisamlog
X ./usr/bin/myisampack
X ./usr/bin/ndb_drop_index
X ./usr/bin/ndb_desc
X ./usr/bin/mysql_tzinfo_to_sql
X ./usr/bin/ndb_delete_all
X ./usr/bin/ndb_select_count
X ./usr/bin/ndb_drop_table
X ./usr/bin/ndb_mgm
X ./usr/bin/ndb_restore
X ./usr/bin/ndb_select_all
X ./usr/bin/resolve_stack_dump
X ./usr/bin/ndb_show_tables
X ./usr/bin/ndb_waiter
X ./usr/bin/perror
X ./usr/bin/replace
X ./usr/bin/resolveip
X ./usr/lib/klibc/bin/gzip
X ./usr/lib/klibc/bin/ipconfig
X ./usr/lib/klibc/bin/kinit
X ./usr/lib/klibc/bin/nfsmount
X ./usr/lib/klibc/bin/cat
X ./usr/lib/klibc/bin/chroot
X ./usr/lib/klibc/bin/dd
X ./usr/lib/klibc/bin/false
X ./usr/lib/klibc/bin/fstype
X ./usr/lib/klibc/bin/insmod
X ./usr/lib/klibc/bin/ln
X ./usr/lib/klibc/bin/minips
X ./usr/lib/klibc/bin/mkdir
X ./usr/lib/klibc/bin/mkfifo
X ./usr/lib/klibc/bin/mount
X ./usr/lib/klibc/bin/nuke
X ./usr/lib/klibc/bin/pivot_root
X ./usr/lib/klibc/bin/run-init
X ./usr/lib/klibc/bin/sleep
X ./usr/lib/klibc/bin/true
X ./usr/lib/klibc/bin/umount
X ./usr/lib/klibc/bin/uname
X ./usr/lib/klibc/bin/gunzip
X ./usr/lib/klibc/bin/sh.shared
X ./usr/lib/klibc/bin/zcat
X ./usr/lib/helix/player/codecs/colorcvt.so
X ./usr/lib/helix/player/codecs/cvt1.so
X ./usr/lib/helix/player/plugins/vidsite.so
X ./usr/lib/xorg/modules/drivers/nsc_drv.so
X ./usr/lib/dri/fglrx_dri.so
X ./usr/lib/xine/plugins/1.1.1/xineplug_decode_w32dll.so
X ./usr/lib/xine/plugins/1.1.1/xineplug_decode_qt.so
X ./usr/sbin/iconvconfig
X ./usr/sbin/mysqlmanager
X ./usr/sbin/mysqld
X ./usr/sbin/ndb_cpcd
X ./usr/sbin/ndbd
X ./usr/sbin/ndb_mgmd
X ./bin/gzip
X ./bin/gunzip
X ./bin/zcat
X ./bin/uncompress
X ./lib/klibc-NDtVTttYAxNaaNiOsQ6T1EIYUSo.so
X ./sbin/grub
X ./sbin/insmod.modutils
X ./sbin/cryptsetup