This is resolved upstream. See the ticket at http://tracker.ceph.com/issues/10114; the original fix for upstream master is commit 06a245a9845c0c126fb3106b41b2fd2bc4bc4df3, and it is in the firefly (v0.80.* releases) as commit 01faf1356f648ded9acda02e7cc67c1adb9e9ee3 from November 14 2014 (this is in v0.80.9 at least, not sure what the timing is on the previous releases). -Greg
On Sat, May 9, 2015 at 8:03 PM, Russell Coker <russ...@coker.com.au> wrote: > Package: librados2 > Version: 0.80.7-2 > Severity: normal > > # execstack /usr/lib/x86_64-linux-gnu/librados.so.2 > X /usr/lib/x86_64-linux-gnu/librados.so.2 > > librados currently requests an executable stack. It would be ideal if it > didn't request such access so that programs such as /usr/bin/qemu-system-i386 > that link against it are less vulnerable to stack based attacks. > > Does librados even need an executable stack? In a quick test it appeared to > work without it. > > -- System Information: > Debian Release: 8.0 > APT prefers stable-updates > APT policy: (500, 'stable-updates'), (500, 'stable') > Architecture: amd64 (x86_64) > > Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores) > Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8) > Shell: /bin/sh linked to /bin/dash > Init: systemd (via /run/systemd/system) > > Versions of packages librados2 depends on: > ii libboost-system1.55.0 1.55.0+dfsg-3 > ii libboost-thread1.55.0 1.55.0+dfsg-3 > ii libc6 2.19-18 > ii libgcc1 1:4.9.2-10 > ii libnspr4 2:4.10.7-1 > ii libnss3 2:3.17.2-1.1 > ii libstdc++6 4.9.2-10 > ii libuuid1 2.25.2-6 > ii multiarch-support 2.19-18 > > librados2 recommends no packages. > > librados2 suggests no packages. > > -- no debconf information > _______________________________________________ > Ceph-maintainers mailing list > ceph-maintain...@lists.ceph.com > http://lists.ceph.com/listinfo.cgi/ceph-maintainers-ceph.com -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
