it seems that all the .so files under /opt/sun-jdk-1.6.0.12/jre/ are missing the GNU_STACK program header. this in turn will cause ld.so to try to make the stack executable whenever a process dlopen's such a library, say, when firefox loads the java plugin. now due to yet another bug in ld.so, the variable holding the current stack protection value (__stack_prot) is in the relro segment and hence ld.so will trigger a segfault when it tries to update this (now read-only) variable. Reproducible: Always
There's not much we can do to upstream binaries. Please report the issue to http://bugs.sun.com and post a link back here. Please check if icedtea6-bin has these headers as that is something we build ourselves.
actually, in this case you can ;), execstack -c will add a GNU_STACK header to the libraries. but that's only a workaround indeed, upstream should pay better attention. unfortunately i already spent enough time on this, so someone else please take it up with Sun (and there's the related glibc/ld.so bug too).
*** Bug 263169 has been marked as a duplicate of this bug. ***
Pax team, could we have the defect re-evaluated? Does this still occur and if not can we close this defect? Have could I, the town idiot, determine whether a *.so has GNU_STACK?
(In reply to comment #4) > Pax team, could we have the defect re-evaluated? Does this still occur and if > not can we close this defect? nothing's got fixed apparently, at least not with sun-jdk-1.6.0.18. > Have could I, the town idiot, determine whether a *.so has GNU_STACK? it's very simple, you have two ways: 1. scanelf -eqR -E ET_DYN /opt/sun-jdk-1.6.0.18/ this will produce something like this: TYPE STK/REL/PTL FILE ET_DYN --- --- RW- sun-jdk-1.6.0.18/jre/lib/i386/libjava_crw_demo.so where the --- under STK means that the GNU_STACK header is missing. 2. find /opt/sun-jdk-1.6.0.18/ -name *.so -exec readelf -l {} \; this will dump the program headers of all .so files, the missing GNU_STACK will be obvious. the second form can be used to fix it up as well (in the ebuild): find /opt/sun-jdk-1.6.0.18/ -name *.so -exec execstack -c {} \;
none of the mentioned version is in tree anymore. please reopen if the problem still persists with the versions that are in tree.
(In reply to comment #6) > none of the mentioned version is in tree anymore. please reopen if the problem > still persists with the versions that are in tree. > This problem had been "fixed" the usual way: scanelf /opt/sun-jdk-1.6.0.23/bin/*|head TYPE FILE ET_EXEC /opt/sun-jdk-1.6.0.23/bin/appletviewer ET_EXEC /opt/sun-jdk-1.6.0.23/bin/apt ET_EXEC /opt/sun-jdk-1.6.0.23/bin/extcheck ET_EXEC /opt/sun-jdk-1.6.0.23/bin/idlj ET_EXEC /opt/sun-jdk-1.6.0.23/bin/jar ET_EXEC /opt/sun-jdk-1.6.0.23/bin/jarsigner ET_EXEC /opt/sun-jdk-1.6.0.23/bin/java ET_EXEC /opt/sun-jdk-1.6.0.23/bin/javac ET_EXEC /opt/sun-jdk-1.6.0.23/bin/javadoc
