To avoid reinstating the broken code that changes stack permission on dlopen (0ca8785a28), this patch extends the glibc.rtld.execstack tunable to allow an option to force an executable stack at the program startup.
Now all the affected developers will turn that option on and completely ignore this until they try to remove the tunable and force everyone to make their code secure.
A tunable also allows us to eventually remove it, but from previous experiences, it would require some time.
The best they can do is add it to a list of changes for a future major version increment. Then they’ll still have to support the current major version for many more years because of developers who don’t want to fix these issues in their code.
> To avoid reinstating the broken code that changes stack permission on dlopen (0ca8785a28), this patch extends the glibc.rtld.execstack tunable to allow an option to force an executable stack at the program startup.
Now all the affected developers will turn that option on and completely ignore this until they try to remove the tunable and force everyone to make their code secure.
> A tunable also allows us to eventually remove it, but from previous experiences, it would require some time.
The best they can do is add it to a list of changes for a future major version increment. Then they’ll still have to support the current major version for many more years because of developers who don’t want to fix these issues in their code.
(post is archived)