This is a two line patch that makes no actual code changes (it just changes the labelling of the shared object header). The result of this change is the same as running "execstack -c" on the shared object.
This patch improves system security. Without it any program that links to that shared object (or any shared object that depends on it) will run with an executable stack. For example here is the difference in output between "paxtest kiddie" and "LD_PRELOAD=/usr/lib/libsmpeg-0.4.so.0 paxtest kiddie": < Executable stack : Killed --- > Executable stack : Vulnerable While it seems unlikely that someone would use LD_PRELOAD in such a manner in any realistic attack situation, it is a good demonstration of the result of having the shared object in question linked to the executable. With my patch applied the result is that the "Executable stack" test gives a result of "Killed". NB paxtest is an i386 only package, but I believe that the same result applies to AMD64. It would be quite embarrassing if Lenny was vulnerable to a security problem because of this with the patch in the BTS for almost a year. Would you like me to NMU it? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]